Personal Data and Privacy Policy - Society of Research Software Engineering

This Personal Data and Privacy Policy is based on the Policy used by the BCS: https://www.bcs.org/legal-and-privacy-notices/data-privacy-policy/

Personal data

Personal data, or personal information, means any information about you which could be used to identify you. We may collect, use, store and transfer different kinds of personal data about you, including: Identification Data includes first name, last name, username or similar identifier, marital status, title, date of birth and gender; Contact Data includes billing address, delivery address, email address and telephone numbers;Transaction Data includes details of products and services you have purchased from us; Technical Data includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our websites; Profile Data includes your username and password, your interests, preferences, feedback and survey responses; Usage Data includes information about how you use our website, products and services.

We need to collect personal data by law, or as required to provide our services and products to you. If you fail to provide that data when requested, we may not be able to provide the services you are asking for. In this case, we may have to cancel service you have with us. If we need to do this, we will notify you at the time.

How we collect your personal data

We may collect data from and about you in a variety of ways. You may give us your identity and contact data by filling in forms or by corresponding with us by post, phone; email or in person.

As you interact with our website, we may collect technical data about you, including the IP address used; login information; browser type and version, operating systems and platforms. We may also collect information about your visit including the pages you visited; what you searched for; length of visits and methods used to browse away from the page. We collect this personal data by using cookies, server logs and other similar technologies.

When Google Forms is used to collect your data, as in the case of a survey, Google may also collect additional personal data from you (e.g. IP address) as described in their privacy policy. We do not receive or hold any of this additional data.

How we use your personal data

When you supply us with personal data, we will make it clear whether that data must be supplied so that we can provide products and services that will enable you to participate in Society business, or whether the supply of any personal data we ask for is optional.

We may use your personal data to provide services, to communicate with you in relation to those services; to support you in creation and administration of accounts; we may process your personal data for the purposes of creating anonymised statistical information about the Society’s activities; provide information about our events; to conduct surveys; and to keep you up to date with core Society activities.

Where you have given your express permission to receive communications from third parties, we will use your personal data to send you carefully vetted announcements from those third parties, such as consultations and events.

We may also process your personal data if required by law, including responding to requests by government or law enforcement agencies or for the prevention or crime or fraud.

The Society uses software platforms approved by Trustees to manage membership, events and a mailing list. The platforms comply with the GDPR policy, for details of the platforms used by the Society see the website.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How long will we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

If you are a member, we will retain your personal data for the duration of your membership and for a period of six years following the termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements or any orders from competent courts or authorities.

Storage and protection of your personal data

We take reasonable steps to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and the relevant Regulator(s) such as the ICO of a suspected data security breach where we are legally required to do so.

Where you have a username and password (or other identification information) which enables you to access certain services or Society portals, it is your responsibility to keep this information secure. Please do not share your password with anyone. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to the Society websites; any transmission is at your own risk.

Your rights around your personal data

You have the right to request a copy of the personal data we hold about you. This is known as a right of access.

If you want a copy of your personal data, contact us at [email protected].

Not all personal information is covered and there are ‘exemptions’ which may allow an organisation to refuse to comply with your access request in certain circumstances. In addition, the Society will not provide copies of any emails sent to or received from yourself as you already have received this information. Note that we may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person or if your request is manifestly unfounded or excessive.

We aim to keep your personal data up to date, accurate and complete and we encourage you to contact us if your personal data changes or you are aware that it is not accurate.

You have the right to request the deletion of your personal data where, for example, the personal data is no longer necessary for the purpose for which they were collected, where you terminated consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data or your data has been unlawfully processed.

To request that your personal data is erased permanently, contact us at [email protected].

You have the right to object to the processing of your personal data in certain circumstances. If you would like to submit an objection to the processing of your data, please contact us.

You have the right to request that we restrict the further processing of your personal data in certain circumstances. This right arises where, for example, you have contested the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests or the processing is unlawful and you elect that processing is restricted rather than deleted. If you would like to submit a request to restrict the processing of your data, please contact us.

You have the right to request that some of your personal data is provided to us, or to another data controller in commonly used machine-readable format in certain circumstances. If you would like to request that your personal data is ported to you, please contact us.

The GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception, we will explain this to you.

If you provide information to us about any person other than yourself, such as your relatives, next of kin, your suppliers or advisors, you must ensure that they understand how their information will be used, and that you have sought their permission for you to disclose it to us and for you to allow us and our third party suppliers to use it.

Contact and complaints

If you would like to contact us about the use of your personal data, or exercising your personal rights then please contact us at:

Email: [email protected]

If you believe that your data protection rights have been breached and we have been unable to resolve your concern, you have the right to report your concern to the Information Commissioner’s Office at https://ico.org.uk/concerns