The Healthcare Infection Society (HIS) is committed to protecting and respecting your privacy and complying with the General Data Protection Regulations (GDPR) 2018.

We take your privacy seriously and will protect your personal information. This policy sets out how we use the information that you provide us with in order to help manage your membership, attendance at HIS events, article submissions and applications for our grants or roles within HIS.

Submissions to the Journal of Hospital Infection (JHI) and Infection Prevention in Practice (IPIP) are via Editorial Manager, a publishing system managed by Aries and our publisher, Elsevier. Authors submitting articles should familiarise themselves with the Aries Privacy Policy and the Elsevier Privacy Policy

This policy also explains how you may use the information and photography published on our website.

Our privacy commitment

We will:

  • Always hold your details securely, and only for a defined amount of time
  • Only share your information with the following suppliers, or when legally obliged to do so (for the purpose of fulfilling a contract we have with you, such as your membership, event attendance and journal subscription): 

Fitwise management (managing and marketing FIS/HIS international events)

Spindogs (website portal management)

Centrepoint Services [oomi] (membership, committee and event management)

Elsevier and Aries Systems (for the purposes of article processing and JHI and IPIP publication)

Survey Monkey (event management)

Mailchimp (member and event communications)

Titus learning (eLearning)

Zoom (online events and meetings)

  • Only contact you in the ways that you give us permission to do so, and we will make sure that everything we send to you is relevant to your membership, the HIS journals, and HIS activities
  • Adhere to your current communications preferences, and you can opt out at any time
  • Only analyse your data in order to communicate with you more effectively, better understand your preferences and our ability to support our work
  • Make sure you are in control of your information, and that you can ask us to stop using it whenever you choose.

If you have any questions, would like to change your preferences or opt out of communications, you can either do this in your account settings through the HIS portal, or please advise us in writing, either by email to, or by post to Healthcare Infection Society, 7E Wakefield Street, London WC1N 1PG.

We will not sell your data to any third parties, but we may sometimes share your information with trusted service providers as listed above. We ensure that any third parties with access to your data are held to strict standards for data use and security in accordance with UK GDPR.

Our Data protection officer can be contacted via email

Your information – what we collect and how we use it

We collect information from individuals who make contact with us. For example, we ask for contact and other information when a member joins the society, when event attendees register for an event, when authors submit an article to our journals and when individuals apply for a grant or role. We use this information to help us provide our services and to keep a record of our communications with you.

If you are a member or event attendee, we will ask for information that enables us to administer your membership or event payment. This will normally include information such as your name, contact details such as address, email or telephone number and your payment details.

We will contact you with information about your membership and our activities, and will ask for your consent to contact you regarding any communication that is not vital to the fulfilment of your membership or an activity for which you have signed up for.

We will continue to ask about your marketing preferences, to ensure that you are still happy to be contacted by us and by which means. You can opt out of communications such as the monthly member electronic newsletter at any time by following an ‘unsubscribe’ link at the bottom of these emails.

What the Law says about protection of personal information

The General Data Protection Regulation (the ‘GDPR’) became enforceable in May 2018. The GDPR states that personal data (information relating to a person that can be individually identified) can only be processed if there are legal grounds to do so. Activities such as collecting, storing and using personal information fall into the UK GDPR’s definition of processing.

Lawful processing

The UK GDPR provides six legal grounds (reasons) under which personal information can be processed (used) in a way that is lawful. For the processing to be permitted by law (lawful), at least one of the legal grounds must apply.

Lawful processing

Within the UK GDPR, the six lawful bases for processing personal information are described in detail by the Information Commissioner. The four legal grounds under which HIS processes personal data are:

  • Consent
  • Legitimate interest
  • Contract
  • Legal obligation

We will always ensure at least one of the above legal grounds apply before collecting and processing your data.

How the law applies to how we use your personal information

We will only process (use) your personal information if we have either:

Asked for your permission, and have a record of your express and recent consent for us to do so; or

Have a legitimate interest to do so in order to support our charitable purposes or

A contract with you that we can only fulfil by using your personal information, e.g. to send you an item or information that is part of your membership or that you have requested (e.g. the JHI); or

A legal obligation to use or disclose information about you, e.g. we are required by law to keep records of financial transactions for 7 years;

In addition, in extreme situations, such as an accident or medical emergency that may take place at a HIS event, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another persons’) for us to do so. This is the ‘vital interest’ ground for using your personal information. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.

We will not unduly prioritise our interests as a charity over your interests as an individual. We will always balance our interests with your rights. We will only use personal information in a way and for a purpose that you would reasonably expect in accordance with this Policy.

You can be assured that HIS will not rent, swap or sell your personal information to other organisations for them to use in their own marketing activities.


Where we have no legitimate interest or contract with you, HIS will only email you if we have an accurate record of your recent and freely given consent to do so. We will only telephone you if you have provided a telephone number, and only then if there is a problem with (for example) your membership application or renewal, or when you have asked us to telephone you.

You can withdraw your consent at any time in writing by either emailing, or by post to Healthcare Infection Society, 7E Wakefield Street, London WC1N 1PG. 

However, there are times when it is not practical to obtain and record consent. At those times, we will only process personal information if that processing would meet another legal ground e.g. legitimate interest, in which case we would only process in accordance with the law’s strict rules on legitimate interest processing.

Legitimate interest

This legal ground for processing means that HIS can process your personal information if we

1. have a genuine and legitimate reason for doing so, and

2. are sure that use does not harm any of your rights and interests as an individual

Our legitimate interest

We believe that the best way to look after the interests of individuals who engage with us is to consider their unique interests and expectations, and we have established the following categories to describe those who engage with HIS. This provides us with an additional method for assessing that we use your personal information in a way that matches your relationship with us; your interests; and your expectations about your rights.

The three categories for our data protection needs assessments are those individuals that have:

  1. Signed up for HIS membership, an event, submitted an article or a review to the JHI or IPIP, or applied for a grant
  2. Demonstrated an interest in our work by contacting us for more information, e.g. to find out more about one of our events, join a committee, HIS grants or contribute to the HIS journals
  3. Job applicants, current and former HIS employees

What we have a legitimate interest to do

We believe that these three categories describe individuals who are connected to our mission, who want to know how they can engage or receive support from us, and who would like to help us to achieve our charitable aims.

Unless individuals tell us not to, we keep and use an individual's personal information for the following lengths of time. We will not to keep personal information for longer than we specify below. This is not the length of time that we will continue to contact an individual – this could be a shorter period of time (see below for an explanation on our personalised approach to communications).

Our legal basis for processing your data

Membership of HIS

For individuals who have indicated an interest in HIS by becoming a member, we have a contract in place and need to keep your information to ensure that your membership is fulfilled. If (for example) you decide to allow your membership to lapse, we will continue to contact you for a grace period of 56 days, after which you will be considered a Lapsed Member. We will keep your information for a period of 7 years from when you lapse, to allow us to meet our legal obligation with respect to financial transactions. This will also enable us to contact you as part of a lapsed member campaign as we feel that this is a legitimate interest. If you do not want to be contacted in this way, ask us to stop and we will do so.

As part of the Society’s commitment to improving equality, diversity and inclusion within our governance structures, activities and membership we collect diversity data on our members. This is to determine whether we as an organisation represent the diversity we see within the IPC professional community. Providing this data is entirely optional for members. Diversity data is stored securely, completely anonymised, and stored separately from the individual’s membership record. Any reports produced are also completely anonymised.

Those who have demonstrated an interest in our activities

Event attendees

We will retain your information for a period of 7 years to allow us to meet our legal obligation with respect to financial transactions. As we may run similar events to the one which you attended, we may also use your data to tell you about these events, or for the purposes of offering you membership so that you can attend future HIS events at a reduced rate. During registration for events we ask your explicit consent to do this. You will need to opt in to allow us to contact you in this way.

Grant applicants

We will keep your information for a period of 10 years if you applied for a grant and were unsuccessful. We do this in order to be able to alert you if there are calls for research proposals relevant to you as we feel that this is a legitimate interest.

If you were successful, we will keep your information in perpetuity, for the purposes of tracking the long-term impact of grant funding as we feel that this is a legitimate interest. We will only contact you with enquires specific to your grant award.

JHI and IPIP authors and reviewers

Authors and reviewers of the JHI and IPIP should refer to the Aries Privacy Policy and Elsevier Privacy Policy.

Job applicants, current and former HIS employees

All of the information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

If you apply for a role and are unsuccessful, we will retain your information for 6 months.

If you are employed as a member of staff, we will securely retain your information for 10 years post your employment. This is so that we are able to provide employment references on request and also proof of your earnings if we are required to by law.

Legitimate interest to send you direct mail

We do not routinely send direct (postal) mail unless we have a contract to do so. Unless you tell us not to, we will rely on our legitimate interest ground (explained above) for sending you direct (postal) mail.

We are always mindful of trying to only send you what you are interested in, and only as often as is appropriate. If we do not appear to be sending communications that are of interest, we will review this and will endeavour to reduce and then stop these types of communications. Please contact us to change your preferences at any time via



Data Analysis

In order to communicate with you more effectively, better understand your preferences and ability to support our work, we may analyse your data.

We like to find out about your personal motivation for engaging with HIS and your experiences when you do so. This helps us to give you the information about our activities most relevant to you. In some instances, we may carry out research and/or analysis of the personal information that you have provided to us and add publicly available information (such as public records or social media) to help us tailor our communications to you.

Data Sharing

To help us provide services we use the trusted service providers we have already listed within our privacy commitment and who we ensure have a statutory and contractual obligation to process your data in compliance with UK GDPR. We will only share the data necessary for the purpose of fulfilling our contractual requirement to you. HIS do not share, sell or swap your information with other organisations for their own marketing.

In some circumstances it is necessary for HIS to give relevant staff at our service providers access to your personal information. This access is only granted to the extent necessary for them to perform their services for us. We require all service providers to comply with UK GDPR and the strict rules to protect the information you have given us.

Changes to your data

From time to time we may contact you to ensure that the information you have provided us with remains accurate and up to date.

Like all organisations, we comply with requests for the disclosure of personal information where this is required or permitted by law. This could include requests from law enforcement or tax agencies. In these circumstances, the request must be submitted in writing and in accordance with the relevant legal requirements.


Some emails that we send you have no tracking in at all e.g. service emails with invoices attached. Other emails we send we can track, at an individual level, whether the user has opened and clicked on the email. We do not use this information at a personal level, rather we use it to understand open and click rates on our emails to try and improve them. If you want to be sure that none of your email activity is tracked then you should opt out of our emails which you can do via the unsubscribe link at the bottom of every group email we send.

Storing your data and web security

We ensure that there are appropriate technical controls in place to protect your personal details. For example our online forms are always encrypted and our network is protected and routinely monitored.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff.

Financial transactions made online to HIS using this site are secure. No one can access your credit card details via the internet.

Where we store your personal data

The data that we collect from you is obtained, processed, stored and transmitted in compliance with data protection legislation including the UK GDPR. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.


Disclosure and access to your information

You have the right to ask us not to process or retain your personal data for any purpose.

Access to information

The UK GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the UK GDPR. We may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information.

If you would like to access your information, please write to us at this address:

Data Protection Officer

The Healthcare Infection Society (HIS)

Montagu House

7E Wakefield Street

London, WC1N 1PG

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.


Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to

How our website works

Our website communicates with your browser using SSL protocols, ensuring that all of your personal data is encrypted, including your payment details. This also applies to payment processing where you will be connected directly to a secure external payment service provider, again through a secure communication channel.

You can see that a connection is secure by looking at the padlock or key icon displayed in your web browser, which signifies that the connection to the website is encrypted using HTTPS and has an SSL / TLS certificate. Your browser may also alert you to the fact that you are connecting to a secure server, and if so, it will also tell you when you are closing the secure

Cookies and web privacy

The collection of information

Every time you log on to our website your IP (Internet Protocol) address registers with our systems. Your IP address reveals no information other than the number assigned to you. We do not use this technology to get any personal data against your knowledge or free will (i.e. we do not automatically record e-mail addresses of visitors). Nor do we use it for any purpose other than to help us monitor traffic on our website, or (in case of criminal activity or misuse of our information) to cooperate with law enforcement.


We use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit for detailed guidance.

The list below describes the cookies we use on this site and what we use them for. Currently we operate an ‘implied consent' policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser's anonymous usage setting (called "Incognito" in Chrome, "InPrivate" for Internet Explorer, "Private Browsing" in Firefox and Safari etc.)

First party cookies

These are cookies that are set by this website directly.

Google Analytics: We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

Third party cookies

These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by LinkedIn, Twitter, Facebook, Google+ and Pinterest. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website.


Using information and photographs on our website


You may print any factsheet on this site for your own information but you may NOT sell it, reproduce it on the internet, distribute it, alter it, or reprint it in any publication without permission from the HIS Information Office. Your journal subscription is an individual subscription for your use only, and you may not share it with others.

Please note that all material on this website is the copyright of HIS or third parties. You may print any HIS factsheet on this site for your personal use, private study or for teaching purposes in schools colleges, hospitals or universities provided all material is marked "By kind permission of HIS", and the material cannot be adapted for use in any other publication, used for profit or used in any way that will bring the charity into disrepute.

The use of the name and logo of HIS is permitted for private study or teaching purposes as stated above. If you are unsure what material you can or cannot use please email us at


All photography on this site is reproduced with kind permission of the photographers concerned, or under licence. You may not use any image on this website without permission.

This information was last updated in May 2024. From time to time, we will make changes to the information on this page. The amended information will apply from the date it is posted on the site and will govern the way in which we collect and use personal information from then on.