Notice on UK’s exiting of the European Union
Although the EU GDPR has not yet been brought into UK law as ‘UK GDPR’, as the UK Government has indicated it will do, the Society, as a company that operates within the European Union, continues to operate under the EU GDPR, and must do so. More information about data protection in the United Kingdom after the end of the transition period is available from the ICO here.
1. General
1.1 Introduction
The British Society for Phenomenology (the Society) collects and asks for some personal data. We only take personal data when we need to, and store it securely and, where possible, it is anonymized. Only authorised agents of the Society have access to this data, and their access is controlled and revocable by the Society’s Data Controller. The Society, as an organisation that operates within the European Union, complies with EU General Data Protection Regulation (GDPR).
This policy document explains what information we process, why we process it and how. It also details how to exercise your data rights should you need to. If you have any questions about this document, you can contact the Data Controller (§2.1).
1.2 Retention of Personal Data
The following timescales are how long we keep your data unless your exercise your right to be forgotten (§2.3).
Membership data: one year after lapsed membership. See §3.2.3
Applicant to a Call for Papers: three months after event. See §3.4.2
Event registration data: one year after lapsed registration. See §3.3.2
Email correspondence: one year, unless we have a specific reason for keeping it. See §
Transaction Information: two years from end of relevant tax year. Transaction information is anonymised if you exercise your right to be forgotten (§2.3) and if the retention period expires on your personal data.
Subscription to mailing list: data will be kept until a data subject unsubscribes. If a data subject unsubscribes and the only relationship they had with the society was their subscription to the mailing list, we will delete their data at the point of processing their subscription. If the data subject is in contract, then the next paragraph applies
Retention where multiple contracts are in effect: If the retention time on one contract comes to an end, but you are still in contract with us for another service, then the retention policy for the later-expiring service applies, but only on data items required for the remaining contracts will be retained. So, for example, we would not delete your active membership data when the retention period for a conference you attended expires. We would only delete your registration-specific data.
2. Communicating with us about your Data
2.1 Data Controller
Any questions about your data can be directed to the Data Controller
Name: Matthew Barnard
Contact Email: [email protected]
2.2 Updating your data
If you need to update any of your data (such as a change of address, email address or name) please email the data controller: [email protected]
2.3 Your Rights under GDPR
2.3.1 Data Managed by the Society
Under GDPR, you have a right to data mobility and a right to be forgotten. This means you can ask for a copy of the data the Society holds on you and you can ask for it to be deleted. To exercise any of these rights, please email [email protected]
Please note, that if you are a member of the Society and you wish to exercise your right to be forgotten, we will no longer be able to fulfill your membership and that membership will become void, and you will lose your subscription to the Journal. This is because your personal data is necessary to provide the subscription to you.
2.3.2 Data Managed by Other Organisations
For information on how to exercise your right to be forgotten or to data mobility regarding any subscription with Taylor and Francis, please consult their policy here.
For information on exercising your rights with information you submit to PayPal as part of any transaction, see their policies here.
For automated emails and our newsletter, we use the email distribution service SendInBlue to ensure security, although your data does remain under our control, you can view their privacy policy is available here.
3 How we use your data
3.1 As a user of our website
3.1.1 Cookies Managed by the Society
We use cookies as a means to allow our site to function and to ensure the security of our forms. We do not use cookies for advertising purposes. We do not retain the information attached to the cookies we use internally on our website.
3.1.2 Third Party Cookies
Both Google Analytics and WordPress (the framework we currently use for our website) use cookies. For Google Analytics, see §3.1.3. Regarding the cookies deployed by WordPress, please see their cookie policy here.
3.1.3 Anonymous Analytics
Like most modern organisations, the Society uses Google Analytics to better understand how site visitors use the site. We do this in order to improve its user experience. The data collected is anonymous, and we employ a data retention policy of 26 months for this service. For information on how Google uses this data, please click here for their privacy policies here
3.1.4 Google “reCAPTCHA” Verification
We used Google’s “reCAPTCHA” service to validate our forms to help prevent spam and hacking attempts. This service comes under Google’s privacy policy and terms of use.
3.2 As a member of the society
3.2.1 Membership Data
The Society records for the following information from its members in order to fulfil its contract with them:
- Name
- Postal address
- The date and time of:
- The start of membership
- Each membership renewal
- Each log in to our system to manage your membership (for security purposes)
In addition, we ask for the following optional information:
- Gender identity
- A second email for journal subscription delivery instead of the contact email
3.2.2 Subscription Data
To process your subscription, we send your name, subscription email address, and postal address to our publishers Taylor and Francis. You can consult their privacy policies here. If you would prefer not to receive a journal as part of your subscription to the Society for whatever reason, you can contact the membership secretary to arrange that. The Society does not offer discounted memberships for those who opt out of journal subscriptions. We also inform Taylor and Francis when your subscription has lapsed and you have not renewed.
3.2.3 Retention Policy
Our retention policy is to keep this data for one year after the end of your last tenure with us, unless you specifically request it within your right to be forgotten (see §2.3).
3.3 As a registrant of one of our events
3.3.1 Data Stored
The Society records for the following information from its members in order to fulfil its contract with them:
- Name
- The date and time of:
- Each registration
- Each log in to our system to manage your registrations (for security purposes)
- Whether or not you attend
- The amount paid
In addition, we ask for the following optional information:
- Gender identity
- Dietary Requirements
- Access requirements
3.3.2 Retention Policy
Our retention policy is to keep this data for one year after the end of your last registration of an event with us, unless you specifically request it within your right to be forgotten.
3.4 As an Applicant to a Call for Papers
3.4.1 Data Stored
When we process calls for papers through our submission system, we record for the following data:
- Name
- Contact email
- Time of submission
And we also ask for the following optional information
- Institutional affiliation
- Career status (academic, ECR, practitioner, student, independent, etc.)
- Gender identity
- Relevant disabilities or any other information that you may want to tell us
3.4.2 Retention Policy
We retain this information until three months after the event, unless otherwise requested.
3.5 As a subscriber to our mailing list
3.5.1 Data Stored
We record:
- Your contact email
- Your name
- The date you opted in
We also ask for the following optional information:
- Your gender identity
Unlike the previous services discussed, which operate under a contract, your explicit consent is required to be a part of our mailing list. You must opt in to this sort of communication and you can always opt out using an unsubscribe link on each email, by visiting this webpage, or by writing to [email protected]
3.5.2 Retention
We keep this information until you unsubscribe. When you unsubscribe, what happens depend on if you have an open contract with us (i.e., a membership, event registration, application).
Subscriber only: If you were a subscriber only and not a member, delegate, applicant, and have no other open contract with the society, all of your personal data will be deleted at the point of processing your unsubscribe request
Those with an open contract with the Society: If you are a current member, delegate, or applicant, then the retention policy of those contracts will come into play. However, you will no longer receive the newsletter or any other marketing communications.
3.6 As a correspondent with the Society
3.6.1 Data Stored
Emails we send and receive are, as would be expected, automatically retained in our mailbox.
3.6.2 Retention Policy
Our data retention for correspondence in our britishphenomenology.org.uk email address is to delete all emails that are not needed for a specific purpose (for example, accounting purposes) once a year. If you contact an agent of the society via an email address at a different domain, for example their university domain, this correspondence will be covered by that institution’s privacy policy.
For automated emails and our newsletter, we use the email distribution service SendInBlue. Their privacy policy is available here.
3.7 PayPal Transactions
3.7.1 Data Stored
We use PayPal to take payments through the website. The transactions you make through PayPal are governed by their own policies, which are available here. Upon completion or cancellation of a transaction, PayPal passes some data to us. We only retain the following data and link it with your record in our membership and registration system.
- Transaction amount, fees and currency
- Payer account
- Date and time of transaction
- Transaction ID
- The type of PayPal transaction
3.7.2 Retention
The information we extract is attached to your record with us, and this linkage comes under the relevant contract’s retention policy. However, in order to complete our accounts, we must retain transaction data. As such, if retention on your personal data expires (§1.2) or you exercise your right to be forgotten, we anonymise the transactions you’ve made. We retain transaction data itself for two years from the end of the relevant tax year.
The information held with PayPal comes under their own retention policy. To see PayPal’s retention policy, click here.
4. About this Document
4.1 If you have questions
If you have any questions about this document, please contact [email protected]
4.2 Changes
2020.1 – Minor Clarification for the end of the UK/EU Transitionary Period
- In 1.1, changed ‘as a company within the European Union’ to ‘as a company that operates within the European Union’.
2018.1 – First Version
- This was the first version of the document
4.3 Versions of this Document
- Current: 2020.1
- 2018.1