Everyone has rights about how their personal data is handled. During the course of our activities, we will collect, store and process personal data about our members, suppliers, and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in The Physiological Society.

This notice sets out the basis on which any personal data we collect from you, or that you provide, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of UK data protection laws, the data controller is The Physiological Society (‘the Society’) of Hodgkin Huxley House, 30 Farringdon Lane, London EC1R 3AW.

Data protection principles

When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal data must be:

• processed lawfully, fairly, and in a transparent manner,
• processed for specified, explicit, and legitimate purposes,
• adequate, relevant, and limited to what is necessary,
• accurate and kept up-to-date,
• kept for no longer than is necessary, and
• processed in a manner that ensures appropriate security.

Information you give to us

You may give us information (such as your name, organisation details, address, email address, phone number, bank account details, your photograph) by:

• filling in forms on our website, including applications as a prospective member or trustee, nominations for external opportunities supported by us, and newsletter subscriptions,
• registering for and attending our events,
• applying for our grants,
• submitting journal papers with us,
• giving us your business card,
• corresponding with us by phone, email, letter or otherwise.

We may use the information you give to us for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:

When the legal basis is consent:

• this must be obtained from the person or persons who have parental responsibility for the child if the child is aged 12 or under. This can include a Local Authority if a child is registered as looked after.
• this may be obtained from a child aged 13-16 where the child is considered to have the capacity to understand what giving consent means and is able to give their own consent.

As stated in the table above, it is a legal obligation for you to provide us with certain information. If you do not provide us with that information, we may not be able to provide our services to you.

It is also a contractual requirement for you to provide us with certain information. If you do not provide us with that information, we may not be able to perform the contract.

All other information you give us is given entirely at your discretion. If you do not provide that information, then we may be unable to provide a comprehensive service.

Each journal uses a submission and peer review web platform designed to facilitate the manuscript submission and peer review process. It collects Personally Identifiable Information (“PII”) such as name, email address, telephone number, postal address, organisational affiliation, areas of expertise, IP address, and system usage. This PII information is collected to secure the site, ensure that there are no conflicts of interest during the peer review process, address ethics violations, facilitate communications regarding manuscript submissions and peer reviews, and to track/report on submissions and system usage. This PII information will be shared with the data controller (The Society), editors, editorial staff, and others that participate in the peer review process. If a manuscript submission is accepted for publication, PII information is also shared with external vendors such as publishers, printers, hosting companies to facilitate the publication process. PII information used in relationship to a manuscript submission or peer review is stored indefinitely (or as otherwise specified by the journal’s data retention policy) in order to address future ethics concerns or violations.

Information we collect about you from other sources

When you visit our website, we may collect information about you (such as the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform.

When you visit our website, using a mobile device, we may collect information about you (such as country code, language, device name, operating system name and version, and location data).

We may also collect information about you by conducting searches of public records (e.g. Companies House), or in the process of confirming your identity.

We may use the information we collect about you for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:

‘Special category’ data

During the course of dealing with you, we may collect information about you relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual orientation, or certain types of genetic or biometric data (such information is known as ‘special category’ data).

This is most likely to occur, for example, if you apply to become a member or trustee or apply for a grant, and:

• it is necessary for our equality and diversity monitoring
• we provide dietary requirements for catering at our event
• we use disability information to ensure accessibility requirements for our events

We will use any ‘special category’ data that we collect about you to monitor and improve the diversity of our membership as necessary to further our purposes to promote the advancement of physiology and supporting education and outreach activities, under one of the aforementioned legal basis for processing the data and:

• we have your explicit consent to use it, or
• we need to use the data to protect your vital interests where you are not able to provide us with your explicit consent, or
• we need to use the data of our members, former members, and our regular contacts in connection with the legitimate activities of our purposes and not to be disclosed outside our organisation without your consent, or
• you have previously made that data public, or
• we need to use the data to establish, exercise or defend legal claims, or
• we need to use the data in connection with public interests related to public health, or
• we need to archive the data for public interest, scientific, or historical research purposes, or statistical purposes.

Disclosure of your information to third parties

You agree that we have the right to share your personal information with:

• Official Society local institutional representatives
• Charity Commission;
• Companies House;
• third parties with whom we are collaborating;
• our CRM provider;
• our auditors;
• Website hosts;
• Online platform providers;
• Print and design companies;
• Web design agencies;
• Email marketing platforms;
• Online survey systems;
• Abstract submission systems;
• Manuscript submission systems;
• Our publisher
• selected third parties including:
  • business partners, customers, suppliers and sub-contractors such as mailing houses and agencies, to the extent we reasonably consider that it is in your best interests for us to do so, or it is necessary for our legitimate business interests; and
  • analytics and search engine providers that assist us in the improvement and optimisation of our site;

We will disclose your personal information to third parties:

• in the event that we enter into negotiations to sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
• if we or substantially all of our assets are acquired by a third party, in which case personal data held by it about you will be one of the assets transferred to the third party; or
• if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract between you or us, or our website terms of use, or to protect the rights, property, or safety of The Physiological Society, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Identifying you as a member

We may publish your name, photo and/or video which identifies you as a trustee or member of The Physiological Society in our marketing material or in public directories, although we will never publicly disclose any confidential information without having obtained your prior consent. We will also add your name and contact details to our member directory; the directory is not available to the public and is viewable only by other members.

If you do not agree to us identifying you in this way, please notify us by writing to the address at the top of this policy, or by emailing us at contactus@physoc.org.

Where we store your personal data

All information you provide to us is stored on our secure platforms in the UK, EU and USA.

We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:

• Credit cards. We do not store any credit card details within our systems and are fully PCI compliant.
• Entry controls. Only authorised individuals are able to access our premises.
• Secure lockable desks and cupboards. Desks and cupboards are kept locked when not in use if they hold confidential information of any kind.
• Methods of disposal. Paper documents are disposed of in a manner that ensures confidentiality.
• Equipment. Our internal policies ensure that our computer systems lock when it is unattended.
• Passwords. Our system passwords are changed every year

Some of the data that we collect from you may be transferred to and stored at, a destination outside the United Kingdom. It may also be processed by personnel operating outside the United Kingdom who work for us, our group companies or for one of our suppliers. This includes staff engaged in, among other things the provision of services. By submitting your personal data, you agree to this transfer, storing or processing. If you are concerned about the levels of data security in any of those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

How long we will store your personal data

The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:

Your rights

You have various legal rights in relation to the information you give us, or which we collect about you, as follows:

• You have a right to access the information we hold about you free of charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
• You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
• You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
• You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
• You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
• Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest that overrides your interests, rights, and freedoms.
• Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
• You have the right to object to us using/storing your information for direct marketing purposes.

If you wish to exercise any of your legal rights, please contact us by writing to the address at the top of this policy, or by emailing us at contactus@physoc.org.

You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.

Automated decision-making

We do not use automated decision-making processes.

Changes to our policy

Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email. Please check our website frequently to see any updates or changes to our policy.

Contact

Questions, comments, and requests regarding this policy are welcomed and should be emailed to us at contactus@physoc.org.

Last update: November 2024