Who are We?
What is Covered by This Policy?
Personal Information We Collect
How We Use Your Personal Information
Reasons Why We Use Your Personal Information
Change of Purpose
Sharing Personal Information with Third Parties
Your Rights and Access to Your Personal Information
Personal Information Security
How Long Will You Use My Personal Information for?
The purpose of this Policy is to tell you what personal information we collect, how it is used, where it is used, what rights you have and how to contact the Society.
Some websites of the Society may contain links to websites not owned or operated by the Society. The Society is not responsible for the content, privacy policies, or practices of those websites. We recommend that you review the privacy policies of each website you visit.
The Society collects personal information that you provide us when you visit our website or communicate with us via telephone or email.
Personal information that may be collected by the Society directly includes:
- title, first and last name
- date of birth
- email address
- postal addresses (including billing, service, and delivery addresses)
- telephone numbers
- financial information including bank account details
- transactional information such as details about payments to and from you and other details of products and services you have purchased from us
- technical information including internet protocol (IP) address, your login information, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website
- profile information including your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses
- usage information including information about how you use our website, products and services and dietary requirements (where strictly necessary)
- communications information including your preferences in receiving communications from us and your communication preferences
We may also collect and use special category data such as information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting. When we use your special category data in this way, we rely on the ground that it is needed in the public interest, such as for equal opportunities monitoring.
We may receive personal information about you from various third parties and public sources as set out below:
- analytics providers such as Google
- providers of technical and payment services such as Sage Pay who provide card payment services to us
- publicly available sources such as contact pages on university or hospital websites
- suppliers such as John Wiley & Sons Ltd or Elsevier who publish our journals
- organisations we collaborate with such as the British Division of the International Academy of Pathology and the European Society of Pathology
The Society uses your personal information:
- To register you as a new member, volunteer, user, or applicant.
- To administer services, membership, grants, awards, events, participation in programmes or competitions and provision of information including:
  - managing and sending information on our activities, services and goods
  - managing your subscriptions to our journals
  - managing payments, fees and charges
  - collecting and recovering money owed to us
  - maintaining your account.
- To manage our relationship with you which will include:
  - asking you to leave a review or take a survey
  - improving your experience with us.
- To process any donations and gift aid (if added).
- To administer and protect our business and this website (including troubleshooting, information analysis, testing, system maintenance, support, reporting and hosting of information as part of our efforts to keep our website safe and secure).
- To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.
- To use information analytics to improve our website, products/services, marketing, customer relationships and experiences.
- To make suggestions and recommendations to you about goods or services that may be of interest to you.
- To enable you to apply for a volunteer or employment role.
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you (e.g. membership of the Society).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g. communicating with you about our activities).
- Where we need to comply with a legal obligation (e.g. entering your name into the Register of Members).
- Where we have your (explicit) consent (e.g. where you provide us dietary requirements for an event you are attending).
In regard to communications, we generally do not rely on consent as a legal basis for processing your personal information, because communicating with you is a legitimate interest: either it is an inherent part of your membership or it allows us to provide you with a better service. However, you have the right to stop receiving some communications by contacting us.
As mentioned above, there may be some occasions where we seek your consent to collect and use your personal information (which may include sensitive information such as health information) but in those cases we will provide full details of what the Society is seeking consent for, so that you will be able to carefully consider whether to provide that consent.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may share your personal information with third parties set out below:
- IT Service providers Computeq and MK Digital Ltd
- Professional advisers including lawyers, auditors and insurers
- Our banking provider HSBC
- HM Revenue & Customs, Charity Commission, Office of the Scottish Charity Regulator and other regulators/authorities who require reporting of processing activities in certain circumstances.
- Our suppliers who help us provide our services and goods such as events companies and/or venues that we hire for our events
- John Wiley & Sons Ltd who produce and distribute the Journal of Pathology and Elsevier who produce and distribute our Diagnostic Histopathology journal
- Other charities or organisations we collaborate with for specific activities, for example Joint Meetings with the British Division of the International Academy of Pathology or collaborative membership with the European Society of Pathology
- Third parties to whom we may choose to transfer or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this Policy
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for purposes that are incompatible with the purposes for which your personal information is transferred and only permit them to process your personal information for specified purposes, in accordance with our instructions or as required by law.
We may also disclose personal information to prevent damage or harm to us, our services, activities or any person or property, or if we believe that disclosure is required by law (including to meet national security or law enforcement requirements), or in response to a lawful request by public authorities.
The Society does not share your personal information with any unrelated third parties so that they may send you commercial promotions or offers for products or services. We do, however, share anonymous, aggregate information concerning the demographic makeup of our customers to unrelated third parties, and share personal information as described below.
Except as described in this Policy, we will not otherwise disclose personal data to any third parties.
When the Society transfers personal information to countries other than the country where it was provided, we do so in compliance with applicable data protection laws. Copies of the Personal Information at the point of origin are deleted on a regular basis. Any transfers of Personal Information from guests outside the European Economic Area (the “EEA”) will comply with GDPR requirements, as appropriate, in all respects.
In regard to marketing communications, our email, website, and other interactive programs allow you to choose to receive or to stop receiving communications from us. You can choose to receive email and/or postal mail from The Society. The Society honours a “once out – always out” policy. Once you opt out, you are opted out of that type of communication until we are explicitly told in writing to opt you back in. You may opt out of email programs at any time by following the opt-out instructions provided in the email you receive.
You also have the following rights:
Request to Access: also known as a “data subject access request”. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully using it along with the right to obtain the following information:
- the purpose of the use
- the categories of personal data
- the recipients to whom data has been disclosed or which will be disclosed
- the retention period
- the right to lodge a complaint with the ICO in the United Kingdom
- the source of the information if not collected direct from you
- the existence of any automated decision making
Rectification: This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
Erasure: the right to have your personal information deleted and to have confirmation of deletion, but only where:
- the personal information is no longer necessary in relation to the purpose for which it was collected; or
- where your consent is withdrawn; or
- where there is no legal basis for the use; or
- there is a legal obligation to delete your personal information.
If we are unable to comply with your request to delete your personal information we will explain why.
Object to use of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to the use on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are using your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to use your personal information which override your rights and freedoms and therefore your objection will not be successful.
Request restriction of use of your personal information. This enables you to ask us to suspend the use of your personal information in the following scenarios:
- If you want us to establish the personal information’s accuracy.
- Where our use of the personal information is unlawful but you do not want us to erase it.
- Where you need us to hold the personal information even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your personal information but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you provided to us based on provided consent or performance of a contract.
Withdraw consent at any time where we are relying on consent to use your personal information. However, this will not affect the lawfulness of any use carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Please contact us to exercise any of your rights. However, we may need to request specific information from you to help us confirm your identity to ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
The Society maintains reasonable and appropriate security measures designed to help protect against loss, misuse, and alteration of personal information collected by the Society.
We store your information on secure servers in the European Economic Area (EEA). We may also store information in paper files.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We use secure server software (SSL) to encrypt financial and personal information you input before it is sent to us. While we cannot ensure or guarantee that loss, misuse or alteration of information will not occur while it is under our control, we use our best efforts to try to prevent this.
In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. They also receive annual training on our privacy approach.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal information are set out below:
- By law we have to keep basic personal information about our customers (including contact, identity, financial and transaction information) for six years after they cease being customers for tax/regulatory purposes.
- We are required to retain personal information in the register of members for ten years after a person ceases to be a member.
- For any category of personal information not specifically defined in this notice, and unless otherwise specified by applicable law, the required retention period for any personal information will be deemed to be seven years from the date of receipt by us of that personal information.
In some circumstances you can ask us to delete your personal information: see ‘Your Rights and Access to Your Personal Information’ section above for further information.
In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We may amend this Policy at any time. If we make any changes in the way we collect, use, and/or share your personal information, we will notify you by sending you an email at the last email address that you provided us, or by prominently posting notice of the changes on the web sites covered by this Policy.
If you have questions or concerns regarding your personal information please contact the Society directly by any of the following methods:
If you believe that the Society has not complied with your rights in relation to using your personal information you can complain to the Information Commissioner’s Office. Their contact details are available at www.ico.org.uk.