Association of University Radiation Protection Officers
Privacy Notice
This Privacy Notice has been issued by the Executive Committee of the Association of University Radiation Protection Officers.
Version: 1.0 Issued: 10/04/2019 Changes: New Privacy Notice
Version: 2.0 Issued: 20/02/2021 Changes: Updated to include Harris Associates
Introduction
The Association of University Radiation Protection
Officers (“AURPO”, “The Association”, “we”, “us”, “our”) aims are:
To
promote and advance the science and skill of radiation protection as applied to
the tertiary education and research environments;
To
encourage, develop, support and advance the knowledge and understanding of its
members in the field of radiation protection;
To
promote the appropriate and safe use of radiation in tertiary education and
research, and;
To
represent the interests of its members through liaison with relevant national
bodies, professional organisations and regulatory authorities.
We do this by:
Running The
Association as a membership in order to provide information, guidance,
resources, workshops / conferences (events), and communications via post,
e-mail and the AURPO website.
Individuals that interact with The Association may be
current members, former members, affiliate members, and other people with whom
The Association has a relationship. The Association recognises the importance
and value of your Personal Data and is committed to ensuring that it is
processed in-line with Data Protection Legislation and The Association’s
Constitution. The purpose of this Privacy Notice is to set out, for the benefit
of current members, former members, affiliate members, and other parties
engaged with AURPO, how your Personal Data will be managed by the Association.
This Privacy Notice lets you know what happens to your Personal
Data when you give it to AURPO and how we process it in a lawful, fair and
transparent manner.
It
contains important information about your privacy rights, so please read it
carefully.
What kinds of Personal Data do we Process?
The exact nature of the data we may process (in other words, collect and use) will depend on which aspect of our work you are connected with. Personal data that we may process in connection with our work (outlined above) could, where relevant, include:
Personal and contact details (i.e. full name, job title, address, phone number, e-mail address(s)).
Membership information (i.e. AURPO ID Number, date commenced, level, payment status, AURPO Regional Group, professional interests).
Other biographical information (i.e. qualifications, membership level of other societies / organisation etc.)
A record of our communications with you.
Guidance and services you have received from us, and have been interested in.
Analysing data about guidance, campaigns, events or services which help us to target / tailor communications that we think are of interest or relevance to you.
Online surveys that capture information you wish to feedback to us about events you have attended, how The Association is run, for the provision of guidance, or to feedback views / comments to relevant radiation protection related bodies (i.e. the Health and Safety Executive, Environment Agency, the RPA / RWA / MPE assessment body (currently RPA2000).
Photographs you supply for your AURPO website profile.
Photographs taken at AURPO events you attend
Any other personal data shared with us via electronic communication (i.e. e-mail or via the AURPO website forum(s)) or, via printed communications; in accordance with this notice.
What Sensitive Personal Data do we Collect?
Health
data (that we only collect and use when providing events that you sign up to
attend, i.e. food allergy information and mobility impairments). This
information may not directly describe your health, but health information about
you may be inferred from it.
What is the Source of your Personal Data?
We collect personal data from
the following sources:
From
you directly.
From
information generated when you use our: guidance, resources, register for workshops
/ conferences (events), and send communications.
From
our partner societies (i.e. The International Radiation Protection Association
(IRPA), The Society for Radiological Protection (SRP), The Institute of Physics
and Engineering in Medicine (IPEM), the RPA / RWA / MPE assessment body
(currently RPA2000).
When
you visit our website we automatically collect technical information such as
your IP address login / logout times, password resets. We also collect and use
your personal data via cookies – please see our Cookies
Policy.
In general, we may combine
your personal data from these different sources for the purposes described in
this notice.
What do we use your Personal Data for?
We use your Personal Data for
the purposes specified in this notice, for both members and non-members, including:
To run The Association we will contact members as specified in The Association’s Constitution.
To administer memberships, processing membership fees and member benefits, including access to the Members Area of the website, and administration of accounts.
Providing services related to your membership including the promotion of: guidance, resources, events and sending relevant communication such as notifications of national / international changes guidance / standards / legislation.
For Affiliate members, promoting your company at events and publicly on our website.
Providing services to you that you have registered for, such as events.
Providing delegates and attendees of the attendance list of an event for professional networking.
Updating your records.
To carry out and / or test the performance of, our guidance, resources and internal processes.
To improve the operation of The Association and that of our partners.
To follow guidance or comply with governmental and regulatory bodies.
For management and auditing of our operations including accounting.
To monitor and to keep records of our communications with you.
For raising awareness of radiation protection.
For promoting communications to help us to offer you relevant information and job adverts from other members (including Affiliates), Partner Societies and related institutions / governmental and regulatory bodies.
To develop, improve or review our existing or upcoming guidance, resources, events and communications with you.
To administer our website.
Facilitating professional networking by giving members (excluding affiliates) access to a limited membership list.
For the prevention of fraud or misuse of services.
For the establishment, defence and / or enforcement of legal claims.
What is the Legal Basis for the Processing of your Personal Data?
Legitimate Interests
We process you Personal Data where it is in our legitimate interests to do so, provided our use is fair, balanced and does not unduly impact on your rights. Our legitimate interests generally include operating as a membership association, as specified in The Association’s Constitution, in pursuit of our aims and involving non-members in events such as speakers, exhibitors and honorary guests. A Legitimate Interests Assessment was carried out in April 2019.
Explicit Consent
When registering for events we will request your Explicit Consent to collect and process your Sensitive Personal Data such as Health Data that relates to your food allergies and mobility impairment(s). This is so we can make the necessary adjustments to meet your needs.
Contract
Where non-members register for services provided by The
Association, we will collect Personal Data provided to us. We will only collect
and process Personal Data that is required to fulfil our contractual
obligations with you when we organise events such as the Annual Conference.
Who do we Share your Personal Data with?
We share some of your Personal
Data with relevant organisations that are necessary to provide membership
related services to you.
The organisations with whom we
share data also have an obligation to tell you how they will use your
information. We advise you to look at their privacy notices / policies. If you
require any assistance with this, please contact us at: enquiries@aurpo.org.uk
Harris Associates
We disclose data to our contracted administration provider, Harris Associates who support The Association with various important administrative tasks such as conference preparations and bookings, communications, newsletter, website, and membership administration. The Personal Data shared with Harris Associates is limited to data they require to fulfill the contract between The Association and themselves.
The Society for Radiological Protection
We disclose data to our
Partner Society, The Society for Radiological Protection (SRP), in order to
provide you with SRP International Membership which entitles you to additional
benefits with SRP, including Affiliation to the International Radiation
Protection Association (IRPA). The information shared will be limited to your
name, e-mail address and AURPO membership status.
Event Venues
When we run events such as the
Annual Conference, we share your Personal Data with organisations that host the
events. For example, by registering to attend the Annual Conference, we will
share relevant Personal Data with the host organisation / venue provider, so suitable
and sufficient services can be delivered to you for the duration of the event.
This may include Personal Data that is needed to provide you with accommodation
and meals, if you have registered for these features.
You may also supply us with
Sensitive Personal Data such as Health Data relating to food allergies and
mobility impairments. We will share this information with organisations that
host our events so you are given the provisions you require.
Who else is a Data Processor for AURPO?
We also use third party organisations, known as data
processors, to provide certain services on our behalf. In order to deliver
these services, these organisations may have access to Personal Data.
Each data Processor will have their own Privacy Notice
that explains how they comply with the law (GDPR). They will hold it securely
and retain it for the duration we require.
UK2.net processes personal data on our behalf. You can
find their Privacy Notice here:
We only keep your Personal
Data for as long as we need it.
Your Personal Data that forms
your membership information will be kept for as long as you are member of The
Association and for no-longer than two years after your membership is
terminated. Personal Data of other parties that is used to contact you
regarding upcoming events run by AURPO will be kept for as long as it is
relevant or until we are instructed to erase it.
Personal Data and Sensitive
Personal Data that we collect in addition to your membership information for
the purposes of attending events, will only be kept for as long as is necessary
to provide you with services relating to that event.
What are my Rights under GDPR?
UK data protection law gives people a wider range of
rights in relation to their Personal Data. The rights are as follows:
The
right to be informed (i.e. told how your data will be used – this Privacy Notice
for example)
The
right of access to your Personal Data held by an organisation
The
right to have inaccurate data corrected
The
right to erasure (known as ‘the right to be forgotten’)
The
right to restrict processing of your Personal Data
The
right to data portability
The
right to object
Rights
in relation to automated decision making and profiling
Some of these rights won’t apply in all circumstances,
but they do give you a good deal of control over how your information is used
by organisations. See below to find out more.
More Information
The Information Commissioner’s
Office (ICO) website is the best source of information about your data
protection rights as they apply in the UK.
One of the most common ways in which people exercise
their data protection rights is to request a copy of the information an
organisation holds about them.
If you would like to make a request to AURPO for the data
we hold about you, see Requests for Personal Information, below.
Questions
If you have any concerns about how The Association uses
your data, or would like us to help you exercise your rights as listed above,
contact: enquiries@aurpo.org.uk
Requests for Personal Information
Accessing your Personal Information
UK data protection law
entitles individuals – or those acting on their behalf – to request access to
personal information The Association may hold about them, and to find out how
the University uses and shares their data. This is known as a Subject Access
Request.
How to make a Subject Access Request
Before you submit a request it may help to read the
guidance on requesting personal data from the Information Commissioner’s
Office. Subject Access Requests received by The Association are handled by the Executive
Team.
When you are ready to submit your request, remember to
include:
A clear explanation of the data you require. Please submit
your request in writing via e-mail, as it helps both you and us keep a record
of your exact request. Where possible, include dates and names of individuals
who you think may hold your Personal Data.
Scanned copies of two documents as proof of identity
(e.g. passport, birth certificate, driving licence or campus card). Make sure
one of the forms of ID has your current postal address.
If you are submitting the request on behalf of someone
else, a signed form of authority so we can establish that you are entitled to
access their data.
On receipt of the required documentation the Executive
Team will contact the appropriate individual(s) to obtain the data you have
requested. In order to provide you with the correct data we may ask you to give
further information.
Once we have gathered all the data, we will review it to
check that it is in scope of your request, and to find out if it contains
information about other people (third parties).
We will consider the rights of
third parties whose information is included in the material you have requested.
Where possible, third party Personal Data will be removed prior to the
information being released. If this is not possible, we will seek consent of
the third party to release the information to you. On occasion, this may
necessarily involve disclosing to them that you have made this request. Where
consent cannot be obtained or is refused, we will consider whether it is reasonable
to release the information to you.
What will I Receive?
You will receive a copy of the Personal Data you have
requested, if it is held by The Association. Under the GDPR, people making a
Subject Access Request are also entitled to the following information:
The
purposes of the processing.
The
categories of Personal Data concerned.
The
recipients or categories of recipient to whom the Personal Data have been or
will be disclosed, in particular recipients in third countries or international
organisations.
Where
possible, the envisaged period for which the Personal Data will be stored or,
if not possible, the criteria used to determine that period.
The
existence of the right to request from the Data Controller (AURPO) Rectification
or Erasure of Personal Data or restriction of processing of Personal Data
concerning them, or to object to such processing.
The
right to lodge a complaint with a supervisory authority (ICO).
Where
the Personal Data is not collected from the individual, any available information
as to their source.
The
existence of automated decision-making, including profiling and, at least in
those cases, meaningful information about the logic involved, as well as the
significance and the envisaged consequences of such processing for the
individual.
Much of this information will
be in this Privacy Notice, and our response may highlight this relevant
material.
Providing Our Response
Our response can be provided in digital or paper copy.
Where we have received the request electronically, we will provide our response
in the same way, unless otherwise requested.
Where our response is sent via email, we will password
protect your data before sending it to you. Please ensure that you have given
us your current postal address so we have a secure means of sending you the
password to access our response.
Our response will be provided within one calendar month of receipt of the written request, fee (if applicable), ID and all information required to locate your data.
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.