We have created this statement to demonstrate our firm commitment to your privacy and to handling the personal information you give us responsibly and in accordance with the law.
It covers how we will handle information we learn about you from your interactions with the British Geriatrics Society (BGS), including through our website or by email. These interactions will, for example, relate to your current or past membership applications or renewals, your current or past registrations or subscriptions to our services (such as events), and your membership of specific groups, such as BGS Councils, special interest groups, sections, and other BGS groups.
The personal information we collect is held and used in accordance with the EU General Data Protection Regulations (GDPR) and the UK Data Protection Act 2018.
1. Our legal basis for controlling and processing your personal information
Our legal basis for controlling and processing your personal information is that we have a legitimate interest in so doing, namely that is of benefit to the Society’s charitable purposes, for example, in enabling us to provide you with member benefits or services as a non-member; we will use your data in ways you would reasonably expect and which have a minimal privacy impact.
On becoming a BGS member, creating an account to use our online services and/or signing up for one of our email lists, you will have consented to the BGS sending you the kinds of information you have requested. If you are a member you will receive regular weekly email communications, under legitimate interest, arising from your membership. You can unsubscribe at any time from these communications (see the ‘Opt-out’ section below).
We may sometimes use your personal information in order to comply with a legal obligation or, more rarely, where it is necessary to protect the vital interests of you or another person.
2. Staff team lead officer
We do not employ a designated Data Protection Officer, but the Chief Executive, Sarah Mistry, is responsible for ensuring BGS’s compliance with data protection regulations. You can contact her at ceo [at] bgs [dot] org [dot] uk
3. What the BGS does with your data
The BGS will:
- Only use your personal data for the purposes for which it was collected
- Only keep it for as long as it is needed
- Ensure that it is held securely
- Maintain records on your current and past standing as a member of the BGS or user of BGS services, in order to provide you with membership of the Society, information about products and services such as events, and details of BGS activities. If your membership of the Society ceases, we will retain your membership data for six years after which it will be deleted
- Maintain records of your membership of BGS Councils, special interest groups, sections, other BGS groups, and attendance at our events. We do this in order to fulfil our obligations to Continuing Medical Education audits, to market BGS events and other services, and to maintain accurate records of membership of BGS Councils, special interest groups, sections, and other BGS groups
- Share information across BGS departments to improve our communications and services
- Share member contact details with the Oxford University Press who mail out the Age and Ageing journal, and with our mailing house, currently BKT, who mail out the BGS Newsletter
- Only release your information in accordance with your mailing preferences. Please amend your contact preferences on your profile https://bgs.org.uk/user or contact the membership team at membership [at] bgs [dot] org [dot] uk
The BGS will not:
- Sell your personal data to anyone
- Share your personal data with any third parties (other than Oxford University Press and BKT as explained above) unless you have agreed this in advance, for example, through your mailing preferences on your profile [https://bgs.org.uk/user]
- Share your personal data with any commercial third parties without your explicit consent
- Knowingly transfer your data to countries outside the EEA where no full written agreements are in place, which includes GDPR requirements. Currently, only the only data passed outside the EEA is via card payments with our payment processor, Stripe.Inc. You can find more information here https://stripe.com/dpa/legal#data-transfers
- As a general rule, we will not seek to collect or use particularly sensitive information about you, which the regulations refer to as ‘special category data’ (for example, ethnicity, religion, sexuality, health status). However, if you have applied for discounted BGS membership fee because of maternity leave or long term ill health, by providing us with those details you will have consented to us recording them and using them to ensure you have the correct membership fee.
4. Privacy and our website
We value your privacy and want you to feel confident about using our website. We are committed to safeguarding your privacy when you use the site. We collect information about you and your visits to the website to help enhance your online experience and to send you information about BGS activities and services.
We will not obtain personally-identifying information about you when you visit our site, unless you choose to provide such information to us. Providing such information is entirely voluntary. Except as required by law, we do not share any personally-identifying information we receive with any outside parties. If you sign up for one of our email lists, we will only send you the kinds of information you have requested. You can unsubscribe at any time from these communications.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Most web browsers allow you some control of most cookies through the browser settings or through free software such as Super-Antispyware or Cleaner. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit the All About Cookies website at http://www.allaboutcookies.org
Our webserver records your visits to help us understand how you use the site, so we can improve the site and provide better services.
Use of links
Throughout our web pages, we provide links to other sites which may contain information of interest to our site visitors. We take no responsibility for, and exercise no control over, the organisations, views, or accuracy of the information contained on other servers. Creating a text link from another website to our own website does not require permission.
Online Profile Updates and Donations
If you complete the myBGS profile form and share your personally identifying information, this information will be used only to provide you with relevant information about our services. We may use your contact information to send further information about the Society or to contact you when necessary. You may always opt-out of receiving future mailings; see the "Opt-out" section below.
Sending us an Email
You also may decide to send us personally-identifying information, for example, in an electronic mail message containing a question or comment, or by filling out a Web form that provides us with this information. We use personally identifying information from email primarily to respond to your requests. We may forward your email to other BGS employees or Honorary Officers who are better able to answer your questions. With your prior consent, we may also use your email to contact you in the future about our services that may be of interest.
5. Opt-out or change your contact information
Our website provides users with the opportunity to opt-out of receiving communications using the link in emails from us or through via your online account https://bgs.org.uk/user. You will need to log in and select Update Communication preferences. You may choose to receive only specific communications or none at all. You may also update your contact information previously provided to us through other online forms.
6. Your rights
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
- Ask us to correct personal information that we hold about you which is incorrect, incomplete or inaccurate
- Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it
- Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your information for direct marketing purposes
- Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it
- Ask us to transfer your personal information to another person or organisation.
If you have given your consent to us processing your personal information, you have the right to withdraw your consent at any time. To withdraw your consent, please contact Sarah Mistry, Chief Executive, at ceo [at] bgs [dot] org [dot] uk . Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely.
7. Questions about our privacy statement and our data protection policy
If you have any questions about this privacy statement, or any other questions about how BGS protects your personal data, please contact the Chief Executive, Sarah Mistry: ceo [at] bgs [dot] org [dot] uk.
8. Reporting of personal data breaches
The Office of the Information Commissioner defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.”
If you suspect that such a breach by BGS may have occurred, you should contact the Chief Executive, Sarah Mistry, without delay by telephoning 020 7608 1369; in her absence ask to speak to one of the other senior managers. We will do our utmost to investigate the matter urgently and robustly, and should a breach have occurred, to contain any further breach.
Where for any reason we become aware of a personal data breach which risks anyone’s rights and freedoms, we will fulfil our legal obligation to report this to the Information Commissioner’s Office within 72 hours.
9. Where to go for further, general information about Data Protection Regulations
There is a wealth of accessible information on the website of the Office of the Information Commissioner: https://ico.org.uk .