Data protection policy
We are committed to protecting personal data and this policy sets out how we will implement that commitment with respect to the collection and use of personal data. We will ensure that we comply with the eight principles of the Data Protection Act 1998 listed below, and meet the legal obligations set out in the act.
Data protection act principles
- Personal data shall be processed fairly and lawfully.
- Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 1998.
- Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the United Kingdom unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
We are registered with the Information Commissioner’s Office. Our registration number is Z5450155.
We are committed to:
- ensuring that data is collected and used fairly and lawfully.
- processing personal data only in order to meet our operational needs or fulfil legal requirements.
- taking steps to ensure that personal data is up to date and accurate.
- establishing appropriate retention periods for personal data.
- ensuring that data subjects' rights can be appropriately exercised.
- providing adequate security measures to protect personal data.
- ensuring that a nominated officer is responsible for data protection compliance and provides a point of contact for all data protection issues.
- ensuring that all staff are made aware of good practice in data protection.
- providing adequate training for all staff responsible for personal data.
- ensuring that everyone handling personal data knows where to find further guidance.
- ensuring that queries about data protection, internal and external to the organisation, is dealt with effectively and promptly
- regularly reviewing data protection procedures and guidelines within the organisation.
In this policy, "us", "we" or "our" means British Ecological Society.
This policy sets out:
- what kind of information we collect;
- how we collect it
- why we collect it
- how we use it
- how we disclose it
- opting in and out
- management and security
- how to seek access to and update your personal information and
- how to contact us.
We are bound by the Data Protection Act 1998. All personal data shall be processed in accordance with the rights of data subjects under this act.
We may, from time to time, review and update this policy, including to take account of new or amended laws, new technology and/or changes to our operations. All personal information held by us will be governed by the most recently updated policy.
This policy was last updated in June 2018.
What information we collect
In general, the personal information we collect about you includes (but is not limited to) your name, contact details (including phone numbers and electronic and postal addresses), and your organisational and employment details if you are a member of staff or fellow.
We also collect information about you that is not personal information. For example, we may collect information relating to your involvement in our grant schemes. We generally use this information in order to be able to contact you and to analyse trends across our grants schemes and to report statistics and data on who is involved and how. We also use this information to allow us to deliver our grants schemes, diagnose problems; target and improve the quality of our grants schemes.
How we collect information
We may collect your personal information from a variety of sources, including from you or your partners.
We may collect your personal information when you register with us as a user of our Grant Management System, complete a funding application or report, participate in our events or when you communicate with us by e-mail, telephone or in writing.
If, at any time, you provide personal or other information about someone other than yourself, you warrant that you have that person’s consent to provide such information for the purpose specified.
Why we collect information
The primary purpose for which we collect information about you is to provide you with information and support relating to the programme. We also collect information us to give you a more personalised experience on our Grant Management System and to get in touch with you regarding news, events, notifications and new funding opportunities within the programme.
We may state a more specific purpose at any point when we collect your information.
If you do not provide us with the information that we request, we may not be able to support you adequately with funding and information. For example, if you do not register as a user of the online applicant portal, you will not be able to access features or services that are reserved for registered users only such as reviewing grant applications and reports and submitting comments and enquiries.
How we use information
In addition to the primary purpose outlined above, we may use the personal information we collect, and you consent to us using your personal information:
- to provide you with news and information
- to support you including to access funding and meet reporting obligations as part of receiving funding
- to personalise and customise your experiences
- to manage and enhance our grant schemes
- to communicate with you, including by email, mail or telephone
- to verify your identify and position
- to investigate any complaints about or made by you, or if we have reason to suspect that you are in breach of any of our terms and conditions or that you are or have been otherwise engaged in any unlawful activity; and/or
- as required or permitted by any law.
How we disclose information
We may disclose personal information, and you consent to us disclosing your personal information, to those involved in the review and assessment of your grant applications.
We may also disclose personal information, and you consent to us disclosing your personal information, to third parties:
- authorised by you to receive information held by us;
- as part of any investigation into you or your activity, for example, if we have reason to suspect that you have committed a breach of any of our terms and conditions regarding funding, or have otherwise been engaged in any unlawful activity, and we reasonably believe that disclosure is necessary to the Police, any relevant authority or enforcement body, or your Internet Service Provider or network administrator;
- as required or permitted by any law.
Opting in or out
At the point we collect information from you will be asked what consent you give us in using or disclosing your personal information, other than in accordance with this policy or any applicable law.
You will be given the opportunity to “opt out” from receiving communications from us or from third parties that send communications to you in accordance with this policy. For example, you will be given the option to unsubscribe from newsletters and other material sent by us. You may “opt out” from receiving these communications by following the instructions on the email or similar.
If you receive communications purporting to be connected with us that you believe have been sent to you other than in accordance with this policy, or in breach of any law, please let us know about this.
Management and security
Other than in relation to Non-Confidential Information, we will take all reasonable steps to protect the personal information that we hold from misuse, loss, or unauthorised access, including by means of firewalls, password access, secure servers and encryption of financial transactions.
However, you acknowledge that the security of communications sent by electronic means or by post cannot be guaranteed. You provide information to us via the internet or by post at your own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, your personal information where the security of information is not within our control.
You acknowledge that we are not responsible for the privacy or security practices of any third party (including third parties that we are permitted to disclose your personal information to in accordance with this policy or any applicable laws). The collection and use of your information by such third party/ies may be subject to separate privacy and security policies.
If you suspect any misuse or loss of, or unauthorised access to, your personal information, please let us know immediately.
Accessing and updating your information and how to contact us
You can seek access to and update the personal information we hold about you. If you make an access request, we will ask you to verify your identity.
Registered users of our online portal will generally be able to access and update their details online.
We request that you keep your information as current as possible so that we may continue to improve the service of the portal and support we can offer you.
If you would like to seek access to personal information we hold about you, or if you have any questions or complaints about how we collect, use, disclose, manage or store your personal information, you can contact us directly: firstname.lastname@example.org