The Physiological Society fair processing notice

We are committed to protecting and respecting your privacy.

Everyone has rights with regard to the way in which their personal data is handled. During the course of our activities we will collect, store and process personal data about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.

This privacy statement sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. 

For the purpose of UK data protection laws, the data controller is The Physiological Society of Hodgkin Huxley House, 30 Farringdon Lane, London EC1R 3AW. 

Data protection principles

When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal data must be:

  • processed lawfully, fairly and in a transparent manner,
  • processed for specified, explicit and legitimate purposes,
  • adequate, relevant and limited to what is necessary,
  • accurate and kept up-to-date,
  • kept for no longer than is necessary, and
  • processed in a manner than ensures appropriate security.

Information you give to us

You may give us information (such as your name, company details, address, email address, phone number, bank account details, your photograph) by:

  • filling in forms on our website, including nomination as a prospective trustee, or member, nominations for external opportunities supported by us, and newsletter subscriptions, 
  • communicating an interest in or registering for a membership with us,
  • registering for and attending our events,
  • applying for our grants,
  • submitting journal papers with us,
  • giving us your business card,
  • corresponding with us by phone, email, letter or otherwise.

We may use the information you give to us for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:

Purposes for which we will use the information you give to usLegal basis for processing
To maintain our statutory records as an organisation.It will be necessary for us to comply with a legal obligation to which we are subject under the Companies Act 2006 and the Charities Act 2011 and any other relevant legislation.
To enable us to facilitate you joining our organisation, ongoing membership and responding to enquiries regarding your membership and services we offer.It will be necessary for the performance of the contract between you and us.
To provide you with information or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposesIf by email or SMS we will only do this if you give us your consent by some specific, informed and unambiguous method.
To notify you about information or changes to your membership, provide members with our printed membership magazine Physiology News, or to provide you with information or services that you request from us or which we feel may interest you. This may be carried out by post or phone.It will be necessary for our legitimate interests to ensure you are aware of information and updates to events and related services we provide, or may provide, to you.
To assist us in responding to whatever query or interest you have expressed.It will be necessary for our legitimate interests, namely satisfying your concerns and ensuring we provide a complete service.
To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our service, when you choose to do so, to measure or understand the effectiveness of the goods and services we provide you and others, and to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or themIt will be necessary for our legitimate interests to ensure you receive the best experience possible when accessing and using our website.
To perform our peer review and operate our journal publications.It will be necessary for the performance of the contract between us and authors and/or reviewers.
To send information about our events to attendees and delegates.It will be necessary for our legitimate interests, namely to ensure you are aware of information and updates to events.
To process grant applications.It is necessary for our legitimate interests, namely to determine eligibility for the grant.
To evaluate grant applicationsIt will be necessary for the performance of the contract between us and grant recipients in order for us to evaluate the effectiveness of the grants we issue.
To provide references to our members in order to support their nomination to key bodies.We will only do this if you request us to do so and if you give us your consent by some specific, informed and unambiguous method.
To use photos taken at our events by ourselves or by a photographer we have hired in order to promote The Society.It will be necessary for our legitimate interests, namely to report on our events and make members and attendees aware of upcoming events and related services we provide.
To maintain a database of all of our members which will be available to view to other members.It will be necessary for our legitimate interests, namely to promote peer to peer collaboration and strengthen our membership network.
Any other purpose that we notify to you, but are not expressly listed in this table.We will only do this if you give us your consent by some specific, informed and unambiguous method.


When the legal basis is consent:

  • this must be obtained from the person or persons who have parental responsibility for the child if the child is aged 12 or under. This can include a Local Authority if a child is registered as looked after.
  • this may be obtained from a child aged 13-16 where the child is considered to have capacity to understand what giving consent means and is able to give their own consent.

As stated in the table above, it is a legal obligation for you to provide us with certain information. If you do not provide us with that information, we may not be able to provide our services to you.

It is also a contractual requirement for you to provide us with certain information. If you do not provide us with that information, we may not be able to perform the contract.

All other information you give us is given entirely as your discretion. If you do not provide that information, then we will be unable to provide a comprehensive service.

Information we collect about you from other sources

When you visit our website, we may collect information about you (such as the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform..

When you visit our website, using a mobile device, we may collect information about you (such as country code, language, device name, operating system name and version, location data).

We may also collect information about you by conducting searches of public records (e.g. Companies House), or in the process of confirming your identity.

We may use the information we collect about you for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:

Purposes for which we will process the information collected via a third partyLegal basis for processing
To obtain further information about you, any organisation you represent, with a view to us entering into a contract with you or the organisation you representIt will be necessary for our legitimate interests to ensure we are fully aware of all issues relating to you and your organisation that is the subject of the information and services you have expressed an interest from us.
To process nomination applications from third parties for specific society roles, such as Honorary Membership, and for consideration for the award of Society prizes and symposia.It is necessary for our legitimate interests to evaluate the eligibility of nominees.
To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our service, when you choose to do so, to measure or understand the effectiveness of the goods and services we provide you and others, and to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or themIt will be necessary for our legitimate interests to ensure you receive the best experience possible when accessing and using our website.

 

Cookie policy

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. You can change the settings on your internet browser to restrict the amount of information that we can collect when you visit our website. If you do not allow us to collect this information, then we may be unable to offer you the best experience possible when accessing and using our website.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies and have set out the purposes for which we use them in the tables below.

Main website (physoc.org) and Europhysiology 2018 (europhysiology2018.org)

Cookie namePurposeExpiry
SESS[unique ID]This cookie is set by the website when a user logs into the site and is an essential cookie for the operation of the membership area. By becoming a member of the site you accept the terms of usage, including the setting of cookies.End session
Has_jsThis cookie checks whether you have javascript enabled. It is deleted when you close your browser.End session
_gaGoogle analytics: Used to distinguish users.2 years
_gatGoogel analytics: Used to throttle request rate.1 hour
_gidGoogle analytics: Used to distinguish users.24 hours
NIDDoubleclick: The NID cookie contains a unique ID that Google uses to remember your preferences and other information, such as your preferred language (e.g. English), how many search results you wish to have shown per page (e.g. 10 or 20) and whether or not you wish to have Google’s SafeSearch filter turned on.6 months
DVGoogle: Used to track what sites you visit when logged into your Google accountEnd session
_tlyRemembers if you are logged in to the siteEnd session
Uid, vc, mus, ssh, ssc, sshsAddthis: Social sharing buttons1 year
RTLinkedInEnd session
_twitter_sess, personalization_id, guest_id, external_refrerer, ct0Twitter: social sharingEnd session, 2 years, 2 years, 1 week, same day

 

Portal website (portal.physoc.org)

Cookie namePurposeExpiry
ASPXANONYMOUSCookie that stores a unique ID for anonymous usersThe default is 100000 minutes (69 days, 10 hours, and 40 minutes).
.DOTNETNUKEStores a unique ID for the logged in userbrowser session
ASP.NET_SessionIdStores a unique ID for the current sessionbrowser session
authenticationThe type of login - DNN/SSObrowser session
Dnn_IsMobileStores True/False for whether the user is currently using a mobile devicebrowser session
languageStores the current portal language (e.g. EN-US)browser session

Please note that third parties (including, for example, social media platforms, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

‘Special category’ data

During the course of dealing with you, we may collect information about you relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual orientation, or certain types of genetic or biometric data (such information is known as ‘special category’ data).

This is most likely to occur, for example, if you apply to become a member or trustee, or apply for a grant, and:

  • it is necessary for our equality and diversity monitoring
  • we provide dietary requirements for catering at our events
  • we use disability information to ensure accessibility requirements for our events

We will use any ‘special category’ data that we collect about you in order to monitor and improve the diversity of our membership as necessary to further our purposes to promote the advancement of physiology and supporting education and outreach activities, under one of the aforementioned legal basis for processing the data and:

  • we have your explicit consent to use it, or
  • we need to use the data to protect your vital interests where you are not able to provide us with your explicit consent, or
  • we need to use the data of our members, former members, and our regular contacts in connection with the legitimate activities of our purposes and not to be disclosed outside our organisation without your consent, or
  • you have previously made that data public, or
  • we need to use the data to establish, exercise or defence legal claims, or
  • we need to use the data in connection with public interests related to public health, or
  • we need to archive the data for public interest, scientific, or historical research purposes or statistical purposes.

Disclosure of your information to third parties

You agree that we have the right to share your personal information with:

  • Charity Commission;
  • Companies House;
  • third parties with whom we are collaborating;
  • our member directory;
  • our auditors and quality assurance assessors;
  • Web hosting companies such as Rackspace;
  • Online cloud providers such as Dropbox;
  • Print and design companies such as Adept design and Lavenham Press;
  • Web design agencies such as Itineris and MooreWilson;
  • Email marketing platforms such as Mailchimp;
  • Online survey systems such as SurveyMonkey;
  • ScholarOne Abstracts;
  • EJournal Press;
  • ScholarOne Manuscript
  • Wiley
  • selected third parties including:
    • business partners, customers, suppliers and sub-contractors such as mailing houses and agencies, to the extent we reasonably consider that it is in your best interests for us to do so, or it is necessary for our legitimate business interests; and
    • analytics and search engine providers that assist us in the improvement and optimisation of our site;

We will disclose your personal information to third parties:

  • in the event that we enter into negotiations to sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets;
  • if we or substantially all of our assets are acquired by a third party, in which case personal data held by it about you will be one of the assets transferred to the third party; or
  • if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any contract between you or us, or our website terms of use, or to protect the rights, property, or safety of the Physiological Society, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Identifying you as a member

We may publish your name, photo and/or video which identifies you as a trustee or member of the Physiological Society in our marketing material or in public directories, although we will never publicly disclose any confidential information without having obtained your prior consent. We will also add your name and contact details to our member directory; the directory is not available to the public and is viewable only by other members.

If you do not agree to us identifying you in this way, please notify us by writing to the address at the top of this policy, or by emailing us at contactus@physoc.org.

Where we store your personal data

All information you provide to us is stored on our secure platforms in the UK, EU and USA. 

We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:

  • Credit cards. We do not store any credit card details within our systems and are fully PCI compliant. 
  • Entry controls. Only authorised individuals are able to access our head office. 
  • Secure lockable desks and cupboards. Desks and cupboards are kept locked when not in use if they hold confidential information of any kind.
  • Methods of disposal. Paper documents are disposed of in a manner that ensures confidentiality.
  • Equipment. Our internal policies ensure that our computer systems lock when it is unattended. 
  • Passwords. Our system passwords are changed every year

Some of the data that we collect from you may be transferred to, and stored at, a destination outside the United Kingdom. It may also be processed by personnel operating outside the United Kingdom who work for us, our group companies or for one of our suppliers. This includes staff engaged in, among other things the provision of services. By submitting your personal data, you agree to this transfer, storing or processing. If you are concerned about the levels of data security in any of those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

How long we will store your personal data

The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:

Legal basisLength of time
Where we use/store your data because it is necessary for the performance of the contract between you and usWe will use/store your data for as long as it is necessary for the performance of the contract between you and us
Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subjectWe will use/store your data for as long as it is necessary for us to comply with our legal obligations
Where we use/store your data because it is necessary for our legitimate business interestsWe will use/store your data until you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data overrides your interests, rights and freedoms, then we will continue to use and store your data for as long as it is necessary for the performance of the contract between you and us (or, if earlier, we no longer have a legitimate interest in using/storing your data)
Where we use/store your data because you have given us your specific, informed and unambiguous consentWe will use/store your data until you ask us to stop

 

Your rights

You have various legal rights in relation to the information you give us, or which we collect about you, as follows:

  • You have a right to access the information we hold about you free of charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
  • You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
  • You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
  • You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
  • You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
  • Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
  • Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
  • You have the right to object to us using/storing your information for direct marketing purposes.

If you wish to exercise any of your legal rights, please contact us by writing to the address at the top of this policy, or by emailing us at contactus@physoc.org.

You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.

Automated decision-making

We do not use automated decision-making processes.

Changes to our policy

Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email. Please check our website frequently to see any updates or changes to our policy.

Contact

Questions, comments and requests regarding this policy are welcomed and should be emailed to us at contactus@physoc.org.

 

Last update: April 2018