We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Personal data is any information that relates to you from which you can be identified by us.
Society Name: British Photodermatology Group
Registered Office Address: 4 Fitzroy Square, London W1T 5HQ, England
Your personal information – how do we collect personal information about you and how is your information used?
BPG is committed to maintaining your personal information in accordance with the requirements of the EU’s General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and will take all reasonable steps to ensure that your personal data is kept secure against unauthorised or unlawful access or accidental loss, disclosure, destruction or damage.
We will process your personal data in ways that enable us to run our operations and manage our relationship with you effectively, lawfully and appropriately, as well as to comply with any legal requirements and pursue the legitimate interests of BPG.
Personal information provided to us (name, address, email, etc.) will be used for the purposes outlined at the time of collection or registration, in accordance with the preferences you express (at the point of new registration and/or renewal), and can be processed by us for a number of different purposes including:
- Administration of membership (administered by third party, the British Association of Dermatologists, BAD); however the BPG maintains its own membership data
- Fulfillment of orders for goods and services requested, including registration for educational courses, scientific meetings and other events, as well as subscriptions to publications
- Communication about our membership, events and other activities that we think may be of interest to you (e.g. participate in survey requests, BPG elections and notification of job offers and new services available to BPG members);
- Abstract/CV/supporting statement submissions;
- Awards/fellowships and scholarship applications;
- Research and statistical analysis;
- Ensuring that all marketing communications you receive from us are relevant, such as tailoring messaging to our existing members and customers and potential members and customers to reflect their interests;
- Complying with legal and regulatory requirements;
- Verifying your identity when you contact BPG.
We may collect personal data about you when you contact us via email or telephone and when you use our website, for example when contacting or communicating with us, and we may keep a record of that correspondence. We will also maintain a record of your comments, if you choose to make any comments available through the BPG website.
By agreeing to become a BPG member, you are entering into a legitimate interest basis for data processing and at the point of applying for membership the following personal data is collected (via BAD):
- Personal details – name, gender, nationality, date of birth, home address, telephone number, email
- Professional details – job title, hospital address, GMC number, NTN number
- Membership details – membership category
If in the future we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that new purpose and any other relevant information.
Retention of your personal information
We will hold your personal data only for as long as necessary for each purpose we use it. We continually review what information we hold and will delete personal data which is no longer required.
How we use your personal information – Your choices
BPG always acts upon your choices around what type of communications you want to receive and how you want to receive them. However, there are some communications that need to happen regardless of your marketing preferences. These are what we would describe as essential communications to fulfil our promises to you as a member of BPG or a buyer of goods or services from us. Examples of this type of communication would be:
- Membership-related mailings, such as your renewal reminders (administered by BAD on behalf of BPG) and AGM notices;
- Transaction notification messaging, such as payment confirmation or Direct Debit collection notifications (BAD on behalf of BPG);
- Communications about events you have registered to attend, etc;
- Communications about forthcoming BPG organised courses and events which may be of interest to you via our Newsletter or ad hoc email alerts.
- Maintain and update our membership database
Where we are processing data based on your consent, we will ensure that you are as fully informed as possible at the time as to how your personal information will be used, with whom it may be shared and how long we will keep it. This is in line with the requirements of the current data protection legislation.
If you have provided consent for the processing of your data, you have the right to withdraw your consent at any time, which will not affect the lawfulness of the processing before your consent was withdrawn.
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as, in certain circumstances, the right to data portability.
If, at any time, you wish to update or amend your personal data or preferences, or if you have concerns as to how your data is processed, please write to:
British Photodermatology Group (BPG)
4 Fitzroy Square
You also have to right to ask us, in writing, for a copy of all personal data held about you (this is known as a ‘subject access request’). A copy will be sent to you as soon as possible and no later than 30 days after your request.
If you wish to raise any complaints on how we have handled your personal data, please contact us, and we will investigate the matter and notify you of our findings and any remedial action taken. If you are not satisfied with our response or believe that we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Sharing your personal information – who has access to your information (disclosure policy)?
BPG may use external third parties to process your personal information on its behalf in accordance with the purposes outlined above.
BPG may share your personal information with the following groups where necessary:
- BPG members and volunteers
- The publishers of the Photodermatology, Photoimmunology and Photomedicine journal and other relevant publications
- Event participants
- Organisers of other relevant events we feel might be of interest to you.
When we allow access to your information, we will always do so under strictly controlled conditions.
In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with any legal or contractual requirements. In such circumstances, we will put in place safeguards, such as the use of encryption, to ensure the security of your data.
However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the BPG for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
Links to third party websites
We cannot be held responsible for the privacy policies and practices of other third-party websites, so we advise users to read the privacy policies/statements of other websites they are visiting and before registering any personal data.
We may sometimes collect information about the computer or device you use to access our sites, including where available your IP address, operating system and browser type, for system administration.
Security precautions in place to protect the loss, misuse or alteration of your information
- When you give us personal information, we take steps to ensure that its treated securely.
- All information you provide to us is stored on secure servers in the European Union. Any payment transactions will be encrypted using SSL technology and any credit, debit card or payment details you submit online will be processed and held by our third-party payment processor. We do not hold credit or debit card data ourselves.
- Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
- Non-sensitive details (your email address etc) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. Although we will do what we reasonably can to protect your personal data and we have had this website security tested by a third party, we cannot guarantee the security of your data transmitted to our site and any such transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to protect your personal data against unauthorized or unlawful access or accidental loss, destruction or damage.
Our website uses a content management system (CMS) to allow us to update content and images. Our site is hosted at Rackspace in London and uses Cloudflare to provide a secure barrier that provides complete DDoS protection. The hosting is run by an infrastructure management company called M Group contracted by Maxx Design Ltd to manage the servers and their operation. We use Google Analytics to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. The User and Event Data Retention within Google Analytics is set to ‘Do Not Automatically Expire’. Google Analytics data will be stored indefinitely, subject to acceptance and interaction of Google Analytics cookies.
|Google Analytics||_gat _ga _gid AMP_TOKEN _Gac_ _utma _utmt _utmb _utmc _utmz _utmv||These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information, including IP address, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.||Click here for an overview of privacy at Google|
|Cloudflare||_cfduid||The _cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis||https://support.cloudflare.com/hc/en-us/articles/200170156-What-does-the-Cloudflare-cfduid-cookie-do-|
Our website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help us analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for our website operators and providing other services relating to website activity and internet usage.
To opt-out of being tracked by Google Analytics across all websites visit: http://tools.google.com/dlpage/gaoptout
Our website works better with cookies enabled. Our cookies don’t give us, or anyone else, access to your personal data. We advise you to keep cookies enabled. However, you can choose to reject cookies. There are instructions on how to delete cookies on the ‘About Cookies’ website.
Review of this Policy
This page will hold the latest information regarding our privacy and fair processing notification and we will refer to it when we ask you for your consent.
This page will be updated from time to time to reflect the latest view of what we do with your data and you should check this page to make sure that you have seen the latest version. This policy was last updated in April 2022.