ANATOMICAL SOCIETY COUNCIL APPROVED POLICY 29.09.16

Anatomical Society Data Protection Policy



Introduction

The Society holds personal information/data (on paper, or computer or other media) on our members and non-members (i.e. employees, award holders, training programme participants, delegates to meetings, suppliers of services and financial information – such as MCI Ltd, Wiley-Blackwell, Webree and others with whom we communicate). We aim to make sure that that this personal information is processed in accordance with legal requirements.

Members, staff and outsourced organizations working on behalf of the Society, including social media (i.e. Twitter, Facebook, LinkedIn) are expected to comply with data protection legal requirements.

This document explains our data protection policy. Detailed general background information to the Data Protection Act can be found at these two sites:

http://www.ico.org.uk/for_organisations/data_protection/the_guide/key_definitions#personal-data

http://www.cfg.org.uk/resources/Publications/~/media/Files/Resources/CFDG%20Publications/Data_Protection2013.ashx


What does the law cover?

The General Data Protection Regulations (GDPR) 2018 will be in place when the the UK leaves the EU which means that we will still need to clearly prove that we have opt-in approval to use contact information for marketing purposes. In effect the Information Commissioner’s Office (ICO) has stated that data protection laws will have to be consistent with Europe in spite of the recent referendum on Europe.

The UK Data Protection Act ("DPA") requires the Anatomical Society to comply with the eight data protection principles. Each principle is explained below, together with a brief summary of how the Society complies with the principle in practice. A reference in this Policy to "you" means an individual who is a member or non-member of the Society and staff as data subjects as well as members (e.g. Trustees; Committee Members ) and staff (e.g. Data Protection Officer) who carry out the Society’s policies and a reference to "we"  means the Society.

Principle 1: Processed fairly and lawfully

This means telling you what information we hold about you and what we do with it (e.g. sending details of our information). For example, for members, key information is shown in the annual Membership Renewal Letter. If you wish to see all the information held about you in the membership database (outsourced to MCI Ltd) you can write to us at the address below.

Principle 2: Obtained for specified and lawful purposes and processing in a compatible manner

We have registered with the Information Commissioner (the person responsible for the operation of the DPA) and told the Commissioner about the purposes for which we process personal information.

Principle 3: Personal information shall be adequate, relevant and not excessive in relation to the purpose for which they are processed

In practice, this means not asking you for more information than we need. That is why we only ask for limited and specific information from our members and non-members.

Principle 4: Personal information shall be accurate and, where necessary, kept up- to-date

We check the accuracy of the information we hold about you at least once a year. For members this is on renewal of your membership. In the meantime, if any information which you have previously given us changes (e.g. your email address), please notify us so that we can correct our records.

Principle 5: Personal information processed for any purpose(s) shall not be kept for longer than is necessary for that purpose or those purposes

For members, we hold your personal information throughout your lifetime – when you cease to be a member your information is archived. Non-member personal information is only kept for as long as is necessary.

Principle 6: Personal information shall be processed in accordance with the rights of data subjects under this Act

The DPA gives individuals a number of rights. These include your right to request details of the personal information the Society holds about you. If you want to find out what this is, please send a written request to The Data Protection Officer at the address which appears at the end of this Policy. The Society reserves the right to charge the maximum fee payable (£10) for each subject access request and aims to reply within 40 days (statutory maximum) of receipt of the request.

Principle 7: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal information and against accidental loss or destruction of, or damage to, personal information

This means that we follow sensible procedures to make sure that personal information in filing cabinets and held on computer cannot be accessed by unauthorised personnel and that we have back-up procedures in place to ensure that we can recover personal information in the event of computer failure.

Principle 8: Not transferred to non-European Economic Area (EEA) countries without adequate protection

Personal information if sent outside the European Economic Area will only be sent to bona fide individuals and/or organisations and then only with consent of the individuals concerned, or in compliance with one of the other Schedule 4 exemptions to the Data Protection Act 1984. http://www.legislation.gov.uk/ukpga/1998/29/contents

Members, staff, outsourced organisations working on behalf of the Society using ‘Cloud Computing’ or ‘BYOD – Bring Your Own Devices’ are expected to comply with not just Principle 8 but all the data protection principles.

Anatomical Society Meetings

Council 9th July 2015 agreed that people attending the Anatomical society meetings will be instructed that there is to be no unauthorised visual reproduction and dissemination of material at AS meetings (e.g. lectures, presentations, posters, exhibits) into the public domain (including social media) in order to comply with data protection and confidentiality principles.

Images/Photos

All meetings delegates are advised on registering for an Anatomical Society meeting that they are consenting to photos being taken in which they may be identified for Society marketing and publicity purposes.

By submitting an image/image for an Anatomical Society Prize you are confirming that you have obtained permission from people in any photos that you send to the Society that they are content for their photos to be used on the Anatomical society website/newsletter and other media.

By submitting an image for an Anatomical Society Prize you are confirming that you own the copyright  of the image or have gained the explicit permission of the copyright holder for the image to be submitted for a specific award and to be used on the Anatomical society website/newsletter and other media.

Anatomical Society Privacy Statement

A related policy is the Society’s Privacy Statement http://www.anatsoc.org.uk/policies/privacy-statement

Changes to the Anatomical Society Data Protection Policy or Privacy Statement

We may change our Data Protection Policy and Privacy Statement from time-to-time to reflect any changes to our practices, in accordance with changes to legislation or with best practice. Future revisions to either document will be posted on our website as soon as practicable after the change takes place.

Data Protection Officer

Anatomical Society

c/o Department of Anatomy and Human Sciences

King’s College (London), Guy’s Hospital Campus

Room HB4.2N Hodgkin Building

London, SE1 1UL

Office Tel: 0207 848 8234

Work Mobile: 07810 758 390

E-mail: maryanne.piggott@kcl.ac.uk

www.anatsoc.org.uk

Date Approved by Council: 17.09.15 and Council 29.09.16

File: AS-Data-Protection-Policy-Revisions for Council 170915FINAL APPROVED – UPDATED FOR COUNCIL 290916 FINAL 081116 for upload to the AS website

END