Privacy Policy: Zoroastrian Medical Association (ZMA)

Who we are & contact

Zoroastrian Medical Association (“ZMA”) is the data controller for the personal data you submit to us.

What we collect

• Identification & contact: name, email, country/region, organisation/institution.
  
  

• Professional details: role (doctor, dentist, veterinarian, or student), registration/student ID (e.g., GMC/GDC/RCVS) where provided.
  
  

• Eligibility/affiliation information (which may indicate religious affiliation) to confirm membership.
  
  

• Preferences: interests (mentorship, events, etc.) and messages you choose to share.
  
  

• Participation data: event sign-ups, mentorship matching, WhatsApp group membership (if requested).
  
  

How we use your data

We use your information to:

• Assess eligibility and manage membership records.
  
  

• Communicate updates, events, and opportunities.
  
  

• Run mentorship, networking, and community programmes.
  
  

• Administer group access (e.g., WhatsApp) and maintain a professional environment.
  
  

• Respond to enquiries and improve how we operate.
  
  

We do not sell your data.

Our legal bases

• Consent — you choose to submit data and can withdraw consent at any time by emailing zal [at] doctors.org.uk.
  
  

• Legitimate interests — running and safeguarding a small professional association (e.g., preventing misuse, basic analytics/metrics).
  
  

• Legal obligations — if we must comply with law or requests from regulators.
  
  

Special category data

We may process religious-affiliation information (as part of eligibility) only with your explicit consent, strictly to confirm eligibility and manage membership/communications.

Sharing & processors

Access to personal data is limited to ZMA Committee administrators on a need-to-know basis. We use trusted service providers (“processors”) for storage and communications, such as:

• Google (Forms/Sheets/Sites/Gmail)
  
  

• WhatsApp (if you request a group invite)
  
  

These providers may store data outside the UK/EU. Where they do, we rely on appropriate safeguards provided by the providers (e.g., standard contractual clauses).

Retention

We keep your data while you remain opted-in and active. If you withdraw consent or ask us to delete your data, we aim to remove it within 90 days, subject to minimal archival requirements (e.g., security backups).

Your rights

Subject to applicable law, you may request: access, correction, deletion, restriction, data portability, and to withdraw consent at any time. You may also object to certain processing based on legitimate interests.

To exercise your rights, email zal [at] doctors.org.uk. You can also lodge a complaint with the UK Information Commissioner’s Office (ICO).

Security

We apply reasonable administrative and technical safeguards (limited access, least-privilege, password/2FA practices). Data in transit to our processors is encrypted by those services.

Children

Our services are aimed at adults in professional or university settings. If you believe a child has submitted data, contact us so we can delete it.

Changes to this notice

We may update this notice to reflect how we work. Significant changes will be posted on our website/form with a new effective date.

Effective date: 01 October 2025