It tells you about your rights in relation to your personal data and how the law protects you. Also covers is how to contact us and the authorities in the event you have a complaint.
Who we are
We collect, use and are responsible for certain personal data about you within the ISCoS Website. We are regulated under the General Data Protection Regulation which applies across the European and we are responsible as ‘controller’ of that personal data for the purposes of those laws.
What data is collected by us
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed which is classed as anonymous data.
During your visit to and interaction with our the ISCoS Website, we have collected a variety of information. This personal data falls into these two categories:
Contact data includes addresses, email address and telephone numbers when provided through an enquiry form, or profile form
Technical data includes browser type and version, location, operating system and platform and other technology on the devices you use to access the ISCoS Website.
Aggregated data through a web analytical service called Google Analytics which provides statistical or demographic data. Aggregated data however is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate usage data to calculate the percentage of users accessing a specific website page or which days have more visitors.
How is your personal data collected?
We use different methods to collect data from and about you including:
Direct interactions - You may give us your identity, contact and any other data by filling in forms or by interacting with the ISCoS Website.
This includes personal data you provide when you update your user profile.
Automated interactions - As you interact with us, we may automatically collect Technical Data about your device, browsing actions and patterns. We may also collect Tracking Data when you use our ISCoS Website. We also receive data about you from our analytic provider though this does not identify you.
How and why we use your personal data
Under data protection law, to comply with our legal and regulatory obligations, we can only use your personal data if we have a valid reason for doing so.
For example, when you make an enquiry with us, you provide us with your contact information to respond to you.
What we use your personal data for our reasons
- For Membership purposes within the ISCoS Website
- To make contact with you through email or by telephone
- Notification of any changes to our services
- Marketing communications that may be of interest (only where consent has been given)
Third party data collection
Links to external sources and third party sites such as LinkedIn, Twitter and Facebook may exist from this website. They may request your personal data and we cannot take responsibility once you leave our site.
Who we share your personal data with
Outside of our company, we only share data with a third party supplier for the purpose of offsite data backup. All such backups are transmitted and stored in encrypted form (so not readable) in a location within the United Kingdom.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
Whilst third party organisations related to IT and software maintenance may have temporary visibility of your information, these organisations do not have permission to use your data and will only be given access if required.
If you wish to discuss this further, please contact us email@example.com
We will not sell or lease your personal information to any third parties.
How long your personal data will be kept
We will keep your personal data for as long as is deemed necessary under the terms of your employment. We will do so for one of these reasons:
- Membership purposes with ISCoS.
- To respond to any questions, complaints or claims made by you or on your behalf.
- To show that we treated you fairly.
- To keep records required by law.
Under the General Data Protection Regulation, you have the following rights, which at any time you can exercise:
Right of access
You have the right to be provided with a copy of your personal data
You have the right to require us to correct any mistakes in your personal data
You have the right to be forgotten - The right to require us to delete your personal data in certain situations
Restriction of processing
You have the right to require us to restrict processing of your personal data
You have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format
The right to object
You have the right to object in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests.
Keeping your personal data secure
We have appropriate security measures in place to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach.
We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
When communicating with us by email you should ensure that you take all reasonable precautions to protect any sensitive personal data.
A cookie is a small piece of information that a site puts on your device so that it can remember something about you when you return at a later time. It is a mechanism that allows the server to store its own information about a user on the user's own computer.
In order to use the site, you agree to let cookies be saved as they are an important part of navigation of the site and remembering your profile.
Third party cookies used on the site.
Google Analytics is a service that generates detailed statistics about our website visitors. Their cookies typically store anonymous information such as whether a visitor has been to the site before, the time of the current visit and what was the referrer site the visitor.
How to complain
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
The supervisory authority in the UK is the Data Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
How to contact us
Please contact us if you have any questions about this privacy notice or the data we hold about you.
If you wish to contact us, please send an email to firstname.lastname@example.org, or write to ISCoS National Spinal Injuries Centre, Stoke Mandeville Hospital, Aylesbury, Buckinghamshire, HP21 8AL, United Kingdom or call (+44) 01296 315866.
Changes to this privacy notice
This privacy notice was published on 22nd May 2018 and last updated on 22nd May 2018.
We may change this privacy notice from time to time, when we do we will inform you.