BIOS

Privacy Policy

The General Data Protection Regulation (GDPR) is an EU regulation which comes into force on 25 May 2018. GDPR influences the way in which we handle personal information and data stored on individuals.

  • Personal data(1) is information about a living individual which is capable of identifying that individual. e.g. names, email addresses, photos.
  • Processing is anything done with/to personal data, including storing it.
  • The data subject is the person about whom personal data is processed.
  • The data controller is the person or organisation who determines the how and what of data processing.

Name and Contact Details of the Data Controller

This Privacy Notice is provided to you by the Council of the British Institute of Organ Studies (โ€œBIOSโ€) which is the data controller for your data. A description of what data is processed and for what purpose is set out in this Privacy Notice. For all data matters (including questions about this Privacy Notice, or to exercise rights, raise queries or complaints), please contact the Secretary:

Name: British Institute of Organ Studies (โ€œBIOSโ€)Address: Ashcroft, 10 Ridgegate Close, Reigate, Surrey, RH2 0HTTelephone Number: 01737 241355

Categories of Data

The data processor will process some or all of the following:

  • Names and titles;
  • Contact details such as telephone numbers, addresses, and email addresses;
  • Where you provide them to us, we may process demographic information such as gender, age, date of birth, marital status, nationality, education/work histories and academic/professional qualifications;
  • Where you make donations or pay for activities such as BIOS Conferences, financial identifiers such as bank account numbers, payment card numbers and payment/transaction identifiers

The data controller will comply with the legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of data; to keep personal data secure, and to protect personal data from loss, misuse, unauthorised access and disclosure.

Use of Personal Data

We use your personal data to enable us to carry out the following purposes:

  • to meet all legal and statutory obligations
  • to send out notices and publications relating to BIOS membership, the planning of BIOS conferences and meetings, the purchase of BIOS publications
  • to administer the BIOS membership records;
  • to maintain our own accounts and records;
  • to process a donation that you have made (including Gift Aid information);
  • to notify you of changes to our services, events and post holders;
  • to send you communications which you have requested which may include information about fundraising, campaigns, appeals, other fundraising activities.

Please note:

  • The data we process is NOT likely to constitute sensitive personal data;
  • Internet cookies are only used as generic session identifiers when visiting our Website, and,
  • Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from overseas.

(1The definition in Article 4 of the GDPR is as follows: โ€œโ€˜personal dataโ€™ means any information relating to an identified or identifiable natural person (โ€˜data subjectโ€™); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.โ€ This is likely to cover such items as name, home address and email address. Online identifiers include cookies and IP addresses.

Basis for the use of information

Most of our data is processed because it is necessary

  1. for our legitimate interests in providing a service to BIOS Membership and in fulfilling our obligation to the Charity Commission to keep a proper record of our management and affairs, and
  2. because some of our processing may be necessary for compliance with a legal obligation.

Where your information is used otherwise than in accordance with (1) or (2) we will first obtain your consent to that use.

Categories of recipients

Your personal data will be treated as strictly confidential. It will only be shared with third parties where it is necessary for the performance of our tasks or where you give us your prior consent. It is likely that we will need to share your data with some or all of the following (but only where necessary):

  1. Our agents, servants and contractors. For example, we may ask a commercial provider to send out newsletters and publications on our behalf, or to maintain our database software;
  2. On occasion, other organisations with which we are carrying out joint events or activities.

Retention of data collected

We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years to support HMRC audits. In general, we will endeavour to keep data only for as long as we need it.
This means that we may delete it when it is no longer needed.

Individual rights

You have the following rights with respect to your personal data:

  1. The right to request information we hold on you
  2. The right to correct and update the information we hold on you
  3. The right to have your information erased
  4. The right to object to processing of your data
  5. The right to data portability
  6. The right to withdraw your consent to the processing at any time for any processing of data to which consent was sought.

Right to complain to the Information Commissioner’s Office (ICO)

You can contact the Information Commissioners Office on 0303 123 1113 or viaย emailย or at the Information Commissionerโ€™s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.