Privacy and cookie policy

We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Personal data is any information that relates to you from which you can be identified by us.

Charity Information

Charity Name:  British Society for Dermatological Surgery
Place of Registration:  England
Registered Office Address:  4 Fitzroy Square, London W1T 5HQ, England
Charity Number:  800213

Your personal information – how do we collect personal information about you and how is your information used?
BSDS is committed to maintaining your personal information in accordance with the requirements of the EU’s General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and will take all reasonable steps to ensure that your personal data is kept secure against unauthorised or unlawful access or accidental loss, disclosure, destruction or damage.

We will process your personal data in ways that enable us to run our operations and manage our relationship with you effectively, lawfully and appropriately, as well as to comply with any legal requirements and pursue the legitimate interests of BSDS. 

Personal information provided to us (name, address, email, etc.) will be used for the purposes outlined at the time of collection or registration, in accordance with the preferences you express (at the point of new registration and/or renewal), and can be processed by us for a number of different purposes including:
• administration of membership (administered by third party, the British Association of Dermatologists, BAD); however the BSDS maintains its own membership data
• fulfilment of orders for goods and services requested, including registration for educational courses, scientific meetings and other events, as well as subscriptions to publications, e.g. the Dermatologic Surgery Journal; BSDS Newsletter
• communication about our membership, events and other activities that we think may be of interest to you (e.g. participate in survey requests, BSDS elections and notification of job offers and new services available to BSDS members);
• abstract/CV/supporting statement submissions;
• awards/fellowships and scholarship applications;
• research and statistical analysis;
• ensuring that all marketing communications you receive from us are relevant, such as tailoring messaging to our existing members and customers and potential members and customers to reflect their interests;
• complying with legal and regulatory requirements;
• verifying your identity when you contact BSDS.

We may collect personal data about you when you contact us via email or telephone and when you use our website, for example when contacting or communicating with us, and we may keep a record of that correspondence. We will also maintain a record of your comments, if you choose to make any comments available through the BSDS website (CMS members area).

By agreeing to become a BSDS member, you are entering into a legitimate interest basis for data processing and at the point of applying for membership the following personal data is collected (via BAD):

Personal details - name, gender, nationality, date of birth, home address, telephone number, email
Professional details - job title, hospital address, GMC number, NTN number
Membership details - membership category

If in the future we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that new purpose and any other relevant information.  

Retention of your personal information

We will hold your personal data only for as long as necessary for each purpose we use it. We continually review what information we hold and will delete personal data which is no longer required. 
 

How we use your personal information – Your choices
BSDS always acts upon your choices around what type of communications you want to receive and how you want to receive them. However, there are some communications that need to happen regardless of your marketing preferences. These are what we would describe as essential communications to fulfil our promises to you as a member of BSDS or a buyer of goods or services from us. Examples of this type of communication would be:

A) Membership-related mailings, such as your renewal reminders (administered by BAD on behalf of BSDS) and AGM notices;
B) Transaction notification messaging, such as payment confirmation or Direct Debit collection notifications (BAD on behalf of BSDS);
C) Communications about events you have registered to attend, etc;
D) Communications about forthcoming BSDS organised courses and events which may be of interest to you via our Newsletter or ad hoc email alerts.
E) Maintain and update our membership database

Consent
Where we are processing data based on your consent, we will ensure that you are as fully informed as possible at the time as to how your personal information will be used, with whom it may be shared and how long we will keep it. This is in line with the requirements of the current data protection legislation.
If you have provided consent for the processing of your data, you have the right to withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.  

Your rights
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as, in certain circumstances, the right to data portability.
If, at any time, you wish to update or amend your personal data or preferences, or if you have concerns as to how your data is processed, please write to: 

British Society for Dermatological Surgery (BSDS)
4 Fitzroy Square
Willan House
London
W1T 5HQ
E-mail: info@bsds.org.uk 

You also have to right to ask us, in writing, for a copy of all personal data held about you (this is known as a ‘subject access request’). A copy will be sent to you as soon as possible and no later than 30 days after your request. 

If you wish to raise any complaints on how we have handled your personal data, please contact us, and we will investigate the matter and notify you of our findings and any remedial action taken.  If you are not satisfied with our response or believe that we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO). 

Sharing your personal information – who has access to your information (disclosure policy)?
BSDS may use external third parties to process your personal information on its behalf in accordance with the purposes outlined above. 

BSDS may share your personal information with the following groups where necessary:

  • BSDS employees, members and volunteers
  • The publishers of the Dermatologic Surgery Journal and other relevant publications
  • The printers of the BSDS Newsletter
  • Event participants and/or accommodation provider and suppliers of surgical equipment and/or pharma companies exhibiting their products at our educational courses or scientific meetings
  • Organisers of other relevant events we feel might be of interest to you.

When we allow access to your information, we will always do so under strictly controlled conditions.
In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with any legal or contractual requirements. In such circumstances, we will put in place safeguards, such as the use of encryption, to ensure the security of your data. 

However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the BSDS for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

We do not sell or rent your personal data to third parties and shall only permit selected third parties to use your data, if you have consented to this either through this privacy policy or by other means.


Links to third party websites
Our website may contain links to other website run by other organisations. This privacy policy applies solely to the personal data collected by BSDS and does not apply to third party websites and services that are not under our control.

We cannot be held responsible for the privacy policies and practices of other third-party websites, so we advise users to read the privacy policies/statements of other websites they are visiting and before registering any personal data.

IP addresses
We may sometimes collect information about the computer or device you use to access our sites, including where available your IP address, operating system and browser type, for system administration.

Security precautions in place to protect the loss, misuse or alteration of your information

  • When you give us personal information, we take steps to ensure that its treated securely.
  • All information you provide to us is stored on secure servers in the European Union. Any payment transactions will be encrypted using SSL technology and any credit, debit card or payment details you submit online will be processed and held by our third-party payment processor. We do not hold credit or debit card data ourselves.
  • Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
  • Non-sensitive details (your email address etc) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. Although we will do what we reasonably can to protect your personal data and we have had this website security tested by a third party, we cannot guarantee the security of your data transmitted to our site and any such transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to protect your personal data against unauthorized or unlawful access or accidental loss, destruction or damage.

Use of Cookies

Our website uses a content management system (CMS) to allow us to update content and images. Our site is hosted at Rackspace in London and uses Cloudflare to provide a secure barrier that provides complete DDoS protection. The hosting is run by an infrastructure management company called M Group contracted by Maxx Design Ltd to manage the servers and their operation.

We use Google Analytics to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. The User and Event Data Retention within Google Analytics is set to 'Do Not Automatically Expire'. Google Analytics data will be stored indefinitely, subject to acceptance and interaction of Google Analytics cookies.

Cookie

Name

Purpose

More information

Google Analytics

_gat

_ga

_gid

AMP_TOKEN

_Gac_

_utma  

_utmt  

_utmb 

_utmc  

_utmz  

_utmv  

 

These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information, including IP address, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

Click here for an overview of privacy at Google

Cookie

Name

Purpose

More information

Cloudflare

_cfduid

 

The _cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis

 

https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Cloudflare-cfduid-cookie-do-

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help us analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for our website operators and providing other services relating to website activity and internet usage.

Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google's behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website

To opt-out of being tracked by Google Analytics across all websites visit: http://tools.google.com/dlpage/gaoptout
 

Our website works better with cookies enabled. Our cookies don't give us, or anyone else, access to your personal data. We advise you to keep cookies enabled. However, you can choose to reject cookies. There are instructions on how to delete cookies on the 'About Cookies' website.

For more information about how Maxx Design Ltd processes data, please view their Privacy Policy . For more information about how Cloudflare processes data please view their Privacy Policy 

Review of this Policy

This page will hold the latest information regarding our privacy and fair processing notification and we will refer to it when we ask you for your consent.

This page will be updated from time to time to reflect the latest view of what we do with your data and you should check this page to make sure that you have seen the latest version.

This policy was last updated in April 2018.