COSRT Privacy Policy




Personal Data  – any information relating to an identified or identifiable natural person

Processing      – any operation or set of operations which is performed on Personal Data or on sets of Personal Data

Data Subject    – a natural person whose Personal Data is being processed

Child                – a natural person under 16 years of age.

Act                  – the Data Protection Act 2018, given Royal Assent on 23rd May 2018.


At COSRT, we are committed to protecting and respecting your privacy.

This Policy explains when and why we collect personal information about our members, non-members and the public, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes. If you are a member, by your membership of COSRT, you are agreeing to be bound by this Policy.


COSRT is a charity and a company limited by guarantee.

Charity No 1101961

Company No 4998207


Tel: 0208 543 2707


Post: Business Manager, COSRT, PO Box 13686, London SW20 9ZH

Registered address: COSRT, 10 Queen Street Place, London, EC4R 1BE

For the purposes of the Act, COSRT is the Data Controller responsible for determining what personal data is collected and what it is used for.


We obtain information about you when you join our organisation and complete your membership, accreditation or supervisor accreditation application forms. We also gather data from you regarding your feedback on your satisfaction with our CPD, events and surveys. Information may also be collected in the event of a complaint.

As a non-member who has a professional interest in COSRT, we may collect data about you if you join our CPD events.

If you are a member of the public, please see the section below on the general public and COSRT.


COSRT does not generally collect information directly from the public except when they request information, advice or wish to raise a concern. In these cases, the request is passed to the relevant officer to action. In the event of a complaint being raised, more detailed personal data may be taken and will be dealt with in accordance with the rest of this policy and with our conduct procedure. The general public has a right to subject access, as well as all of the other rights outlined below.

Please note below the cookie information, which applies to the public as well as to members.

COSRT does not engage clinically with the public but requires that its members have clear privacy policies and client agreements that detail the terms and conditions of their clinical work.


Our services are not targeted at children and we do not knowingly ever collect any information from them.


We may collect both personal and sensitive information.

The personal information we may collect includes:

  • Name
  • Address
  • Email Address
  • Landline Number
  • Mobile Number
  • Date of Birth
  • Qualifications
  • Training course enrolled on
  • Complaints (including alleged complaints)
  • Financial information, including bank account details.

We may also collect sensitive personal information, known as ‘Special Category’ data under the Act:

  • Gender, ethnicity and marital status
  • Religious or other cultural beliefs
  • Physical or mental health or condition
  • Sexuality
  • Offences (including alleged offences)

If you have applied for a job or volunteer position we will collect your CV, covering letter and contact details.


We use the information we hold on you for operational purposes. Personal information submitted to us will be used for the purposes specified in this Privacy Policy or in relevant parts of the website(s) and other COSRT services.

We may use your personal information to:

  • Process your membership;
  • Administer the website;
  • Improve your browsing experience by personalising the website;
  • Enable your use of the services available on the website;
  • Send to you goods purchased via the website, and supply to you services purchased via the website; eg CPD events on-line training;
  • Send statements and invoices to you, and collect payments from you;
  • Send you updates of general clinical information;
  • Send you email notifications, which you have specifically requested;
  • Send to you our newsletter “Update” and other communications relating to COSRT clinical business;
  • Send you carefully-selected third party information, which we think may be of professional interest e.g research projects;
  • Provide third parties with statistical information about our members. This information will not be used to identify any individual Member but only to aid us with the development of clinical tools and protocols;
  • Deal with enquiries and complaints made by or about you;
  • Update our member database systems;
  • Maintain and display COSRT membership directories in public areas of the website;
  • Administer and support COSRT members as required from time to time.

Where we are administering membership information, dealing with training or other services you have requested, or providing clinical updates, we will have a legitimate interest in contacting you.

Where we are contacting you for other reasons, we will obtain your explicit consent, and always where we contact you by e-mail. We will regularly review and update these consents. You may contact us at any time to be added to our database for these purposes.

Where you submit personal information for publication on our website or any other COSRT managed media, we will publish and otherwise use that information in accordance with the consent you have given.

Your personal data will be treated as strictly confidential. We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing. Nor will we seek information about you from external agencies or other third parties.

All our website financial transactions are handled through our payment services provider, PayPal.  You can review the PAYPAL policies below.

We do not store card payment information on COSRT systems. All transactions are fulfilled by our payment service providers.

For purposes of quality control and training, calls and emails may be monitored.


Most records are normally kept for 7 years, after which they will be archived, or destroyed, however, in some circumstances it may be necessary to retain records for longer than this.


There are occasions when we may need to make disclosure to a third party. We may disclose information about you to any of our employees, officers, agents, suppliers or subcontractors insofar as is reasonably necessary for the purposes set out in this Privacy Policy.

In addition, we may disclose your personal information:

  • to the extent that we are required to do so by law, or by regulators, public authorities or government departments;
  • in connection with any complaint, legal proceedings or prospective legal proceedings;
  • in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention, national security or reducing credit risk).


COSRT will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We will store all the personal information you provide on our secure (password- and firewall- protected) servers. All electronic transactions containing personal details that you make to or receive from us will be encrypted using SSL technology.

It must however be noted that data transmission over the internet is potentially insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping your password and user details confidential and not sharing these. We will never personally ask you for your password, other than when you logon to the website.


Subject to certain exceptions, you have the following rights with respect to your personal data:

  • The right to receive a copy of the personal information we hold on you;
  • The right to correct and update the information we hold on you;
  • The right to have your information erased, although basic details will be retained in order to evidence compliance with this request; except information required for membership purposes;
  • The right to data portability;
  • The right to withdraw your consent at any time;
  • The right to make a complaint to COSRT or to the Information Commissioner’s Office.


Should you wish to access your data or have it destroyed before 7 years have elapsed, you may submit your request in writing to our Data Controller, along with evidence of your identity. We will respond to your request within a month, unless the request is particularly complex or a whole series of requests have been made, when it may take longer to provide all of the information.


Like many other websites, the COSRT website uses cookies. Cookies are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. This helps us to improve our website and deliver a better more personalised service to members and the public.

It is possible to switch off cookies by setting your browser preferences. You can remove cookies stored in your computer via your browser settings. Alternatively, you can control some 3rd party cookies by using a privacy enhancement platform such as:

For more information about cookies, visit We use Google Analytics to measure traffic on our website. Google has their own Privacy Policy which you can review here:

If you’d like to opt out of tracking by Google Analytics, visit the Google analytics opt out page.


COSRT strives to do its utmost to protect your data and as part of this duty we will have robust breach detection, investigation and internal reporting procedures in place which will facilitate decision-making about whether or not we need to notify the relevant supervisory authority and the affected individuals. However, in the event of a personal data breach the following actions will be taken.

  • All breaches will be reported immediately to the COSRT contact responsible for data protection;
  • If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, COSRT will notify the ICO within 72 hours and will inform those individuals affected without undue delay;
  • A record of any personal data breaches will be kept.


Anne Buggy, Business Manager

Tel: 0208 543 2707


Post: COSRT, PO Box 13686, London, SW20 9ZH

Registered address: COSRT, 10 Queen Street Place, London, EC4R 1BE


We keep this Policy under regular review. This Policy was last updated in May 2018.