British Society for Dermatopathology Privacy Policy
Name: British Society for Dermatopathology (Charity registration number UK: 290908)
Address:
Prentis & Co Llp
115C Milton Road
CAMBRIDGE
CB4 1XE
E-mail: info@thebsd.org.uk
The British Society for Dermatopathology was established in 1974. It is independent medical Society registered as a charity in the UK (charity registration number 290908). Its charitable objects are promoting teaching, training, and research on dermatopathology. The BSD is a Special Interest Group (SIG) of the British Association of Dermatology (BAD). Please see the BAD Privacy Policy, section 5.3: https://www.bad.org.uk/privacy-policy
The BSD is not registered with the Information Commissioner’s Office.
As a registered not for profit organisation (Charity), the BSD is entitled to process data without paying A GDPR fee “for the purposes of establishing or maintaining membership or support for a body or association not established or conducted for profit, or providing or administering activities for individuals who are members of the body or association or have regular contact with it”. The activities of the BSD do not require the appointment of a Data Protection officer (https://ico.org.uk/for-organisations/does-my-organisation-need-a-data-protection-officer-dpo/y/n/n/n). Members of the Executive Committee of the BSD, who may have access to personal data receive all training on information governance provided by the NHS organisations that employ them.
We collect “personal data”, which is information that identifies a living person, or which can be identified as relating to a living person.
Most of the personal information we process is provided by you either directly to us, or though the BSD website for one of the following reasons:
We collect the following:
Personal details such as name, gender, nationality, date of birth, email, home addresses, telephone numbers
Professional details such as your job title, profession, hospital address, GMC number, GMC status,
Financial information such as direct debit details.
We may on occasions request a profile photo and your permission to publish it on our website.
4.2. Personal data generated by your involvement with the BSD
BSD membership details such as your membership category, subscription status, subscription history
is stored on your contact record on the BAD database. If you contact us through the BAD website, tracked email correspondence with yourself will be stored in the BAD data base as well.
We also capture personal information on the Self Certificate page
https://thebsd.org.uk/educational-resources/self-certificate-form. We take name and email. This information is stored in our web hosting server and that uses standard security precautions to keep it safe, including the use of a web firewall provided by cloudflare.com
The Contact form on the Contact page https://thebsd.org.uk/contact-us/ also captures personal info: name and email address, which is send direct to email.
We automatically collect some information about your visit to the Website. This information helps us to make improvements to the Website content and navigation and this may include your IP address, the times and frequency with which you access the Website and the way you use and interact with its content. We use website user tracking software: Google Analytics.
We also receive personal information indirectly, from the following sources in the following scenarios:
• Our zoom account: when you register to one of our meetings. We use the information that you have given us to process your registration to our meetings and to create reports to assess the success of the meeting.
5.1. General use and administration
We process your personal data to enable us to run our operations and manage our relationship with you effectively, lawfully and appropriately. We may use your information to:
Process membership subscriptions (though the BAD)
Maintain and update our membership database accurately (though the BAD)
Send you communications such as Newsletters and information on General Meetings / Annual General Meetings (emails sent through the BAD team)
For our internal records
To allow good running, management, and development of the BSD
To improve our service
To acknowledge with your permission, your contribution to the BSD in our website
5.2 Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You can remove your consent at any time. You can do this by contacting admin@thebsd.org.uk
(b) We have a legal obligation.
6. Disclosing and sharing your personal data
We do not sell your information to third parties
We do not share your information with third parties for marketing purposes.
6.1. Provide services
Our Society works closely with the BAD. The BAD provides the administration of memberships for the BSD, including handling applications, subscription payments, general membership enquiries and data updates such as change of personal details. All data is stored on the BAD database. All applications for BSD are made via the BAD website. The BAD shares your data with the BSD as part of the application process, as it is necessary for the BSD to review your application and offer approval so the BAD may process your application.
The BSD does not keep membership application forms once they are processed (thy are immediately deleted once processed).
Data on BSD members may be requested for a specific purpose by the BSD to the BAD. If personal data is included, it will be deleted after receipt, keeping only anonymised data if required.
When you opt to get a self-accreditation certificate, your name and email address will be stored by us for up to months. This information will be visible to Acronym Computers as they maintain our website. They do not collect any information. The information is stored in a third-party server based in London provided by Cloudways/Digital Ocean. Their privacy policy is here https://www.cloudways.com/en/terms.php#privacy
7.Data security
7.1. Protection
Please see data security section on the BAD Privacy Policy https://www.bad.org.uk/privacy-policy.
We keep your name and relevant contact details in any correspondence that we generate in response to your queries. Your information is securely stored in the web hosting server and in the email inbox.
We also keep your name and email account when you generate self-accredited certificate in a data base kept by the website. This info is stored in the web hosting server and that uses standard security precautions to keep it safe, including the use of a web firewall provided by cloudflare.com. We keep for 12 months the information you provide us when generating a self-certificate using our website. We will then dispose your information by deleting the dataset on the web server database.
We will keep data you submit with you register to one of our zoom meetings in our zoom administrator page accessed by the account license holder only. We will keep this data for 2 months after the meeting ends
We may request you to provide a profile photo of yourself to be published in our website. When you provide a profile photo of yourself, the information is stored in a third-party server based in London provided by Cloudways/Digital Ocean.
Their privacy policy is here https://www.cloudways.com/en/terms.php#privacy
7.2. Payment security
Please see data security section on the BAD Privacy Policy
Payments such as donations you make directly to the BSD will be made via bank transfer and or “Go and Fund me.” Your personal details will be given to our accountant for record keeping.
8. Storing your personal data
8.1. Where we store data
Some services we may provide to you via the Website may be hosted on third party sites. To provide those services, we may transfer Personal Data to those sites. Some third-party sites may be hosted outside the EEA.
8.2. Retention of your personal data
We will only retain your personal data for as long as it is required for the purposes for which we collected it (e.g. we have a genuine and legitimate reason and we’re not harming any of your rights and interests). We continually review what information we hold and will delete personal data which is no longer required.
9. Control of your personal data
9.1. Your rights
We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:
• the right to know whether we hold your personal data and, if we do so, to be sent a copy of the personal data that we hold about you (a “subject access request”) within one month;
• the right to have your personal data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
• the right to have inaccurate personal data rectified;
• (where technically feasible) the right to be given a copy of personal data that you have provided to us (and which we process automatically on the basis of your consent or the performance of a contract) in a common electronic format for your re-use.
There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.
9.2. Complaints
Should you have a complaint about how we have used (‘processed’) your personal data, you can complain to us directly by contacting the President of the British Society for Dermatopathology in the first instance at Complaints@thebsd.org.uk.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk
10. Cookies
Our websites use local storage (such as cookies) in order to provide you with the best possible experience and to allow you to make use of certain functionality (such as being able to shop online). Further information can be found in our Cookies Policy.
10.1 Links to other sites
Our websites contain links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting admin@thebsd.org.uk. If a third-party website requests personal data from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by this privacy policy. We suggest you read the privacy notice of any other website before providing any personal information.
11. Changes to this privacy policy
This privacy policy is subject to amendment to ensure it remains up to date and reflects how and why we use your personal data. The latest version will always be visible on our website.
Any questions regarding this privacy policy should be sent to the President of the British Society for Dermatopathology (2020-2022), Dr Luisa Motta at info@thebsd.org.uk