Privacy notice

From SCATA Wiki

SCATA (UK Society for Computing and Technology in Anaesthesia) is a UK-registered medical charity.

Introduction
SCATA takes the privacy and data security of its members seriously. We aim to protect your personal information and ensure that we use it only for those purposes described below.
This document relates to the information that we hold in the administration area of our web site and in our email communications system (PHPList).
Please read this notice carefully and if you have any questions, feel free to contact either Chairman, President or Webmaster using the Contact link on the SCATA web site.
This document describes our duties and responsibilities as a data controller under the EU General Data Protection Regulations (GDPR) that came into effect on 25th May 2018.
Please note : this Privacy Notice is in Draft, this is version 1.0 dated 8-Aug 2018

Who are we ? We are a medical specialist society that exists to promote research into the use of computing and technology in anaesthesia, the science related thereto, and to disseminate the useful results of such research. In addition, SCATA aims to promote and facilitate education and training in Digital Healthcare.
Who is the Data Controller
SCATA - requests and correspondence should be directed to the Chairman in the first instance, using the Contact Form on the SCATA web site. The SCATA Committee does not have a specific role for Data Protection Officer.

What Information Do We Collect

  • Your name
  • postal address
  • email address
  • telephone number
  • post held and current hospital/rotation
  • personal web site
  • any non-functioning email addresses that we have used previously

We also collect and retain bank details

  • Name of Bank
  • Sort Code
  • Account Number
  • Paypal email address

for the purposes described below.
How We Collect Your Data

  • From the information that you enter on the web site when you join SCATA
  • From the information that you provide in Direct Debit mandates and/or Standing Order forms
  • From the information that you give us when you book for an event that is run by SCATA

How Do We Use Your Personal Information

  • To contact you for renewal of membership
  • To contact you with details of events and meetings that we think you may be interested in
  • To contact you with details of meetings and events that you have registered for via the SCATA Meeting Booking form.

What legal basis do we have for processing your personal data

By joining SCATA, you agree to enter into a contract with us where we provide membership and all benefits that accrue from such membership.
This is described in more detail in Article 6 and Recitals 39, 40, and Chapter III (Rights of the data subject) of the GDPR [1].
When Do We Share Your Personal Data
We never share your personal information with any other persons or organisations.
In the rare instance when we receive a request for your information that we think you may benefit from, we will contact you individually to obtain your consent.
Where Do We Store and Process Your Personal Data
The SCATA web site, hosted with Lunaria Ltd[2] has a privileged-access area, parts of which are visible by the member through the Member's Area login. Members of the SCATA Committee may from time to time be given wider access, in the case that they have a legitimate need to view and/or edit personal information in connection with their SCATA role. For instance, current Meeting Organisers may request access to the Meeting Bookings and/or the List of Members for the purpose of communication regarding meetings organised by SCATA.
These permissions are reviewed on a regular basis and revoked when no longer needed.
All data is held within the UK.
How Do We Secure Personal Data

We ensure that the personal information that we hold is stored on the latest technology with regular patch updates to server operating systems and software. Our web server (Apache 2.4) is updated regularly and we use the latest stable versions of the PHP scripting language (currently 7.x).
Member's passwords are not stored in plain text within our data store, they are hashed using a popular hashing algorithm .
All edits and record creation entries are audited and visible to the site administrator.
Attempts to steal member data using (for example) brute-force password attacks are monitored and (where appropriate), attackers are blocked using the IP tables firewall.
How long do we keep your personal data for?

In the case where your membership has lapsed, we retain your information for up to 12 months in the event that we need to contact you regarding renewal and/or termination
In the event that we receive explicit notice of termination, we erase all personal details from the data store immediately.
Your rights in relation to personal data

As a SCATA member, you have the right to :

  • access all personal information that we hold for you
  • correct or delete any or all of your personal information
  • lodge a complaint with the ICO in the case where you believe that we have mis-used your information

Use of cookies and other technologies

SCATA does not use tracking cookies on its web site.
We do use cookies to assist with some administrative functions such as identifying the logged-in user or with the Meeting Booking service.
How to contact us

Please use the SCATA Contact Form selecting either Chairman, Treasurer (Membership Secretary) or Webmaster, as appropriate.