Christians in Science

Privacy Policy – GDPR

Christians in Science Privacy Policy

To print PDF document – please click here.

This document sets out how Christians in Science (CiS) handles personal information to ensure compliance with the General Data Protection Regulation (GDPR) that came into force on 25th May 2018.  All those handling personal information of members must sign their agreement to our Data Protection Policy which is available on request (Appendix 1).

How we collect data

The personal information we hold is obtained directly from the individual concerned and we do not solicit or obtain information on our members from any other source.  CiS obtains the explicit permission of each member to hold their personal information and confirm their approval as to how we may use it.  In no case will this information be passed on to third parties without permission of the individual concerned.

The data we hold and how we use it

  1. The National CiS membership database maintained by the Membership Secretary
  2. Gift Aid declaration forms and database maintained by the Treasurer
  3. Contact lists maintained by Local CiS groups
  4. Staff Contracts and information necessary for administration of employment
  5. Application forms for CiS posts, conferences, bursaries etc
  6. Contact information of those indicating their wish to receive further information about CiS (e.g. sign-up sheets at public events)

National Membership Database
Depending on the information provided by the member, this database contains some or all the following details of each member: Membership number;  Title;  Surname;  Preferred name;  Birth decade;  Date of graduation;  Academic qualifications;  Main discipline;  Current post;  Mailing address including country;  Phone number;  E-mail address;  Alternative e-mail address;  Geographical zone: UK/Europe/RoW continent;  Subscription rate;  Journal choice;  Full or Associate membership;  Joint membership (yes or no);  Inclusion in Membership directory (yes or no);  “Life”  (=5-year) membership (yes or no);  Password;  Date joined;  Date resigned (where applicable);  Online expiry date;  Year of Gift Aid declaration if on file;  How applicant found out about CiS;  Fees paid list;  Total paid;  Donation included;  Subscription amount;  Mailing supplement amount;  Date paid;  Gift Aid (yes or no).

The secure on-line database is maintained by the Membership Secretary and is strongly password protected.  Relevant parts of the database are made available to other CiS Office Holders (e.g. Treasurer, Secretary, Development Officer, Executive Officer and Chairman) who may use the information only in pursuance of CiS business.  If this requires temporary storage of personal information on an individual’s computer, all electronic transmission and storage of the data is performed under strong password protection and the information is deleted immediately after use. Our data protection policy (Appendix 1, available on request) provides guidance on how to ensure secure password protection.

Gift Aid declaration forms and database maintained by the Treasurer
The Treasurer holds hard copies of the Gift Aid declaration forms in a secure cabinet and maintains a password-protected Gift Aid Excel spreadsheet.  This information is for the use of HMRC only.

Contact lists maintained by Local CiS groups
Local groups may maintain their own databases containing contact details of those who have asked to be kept aware of local CiS activities.  Many of these contacts are not subscribing members of CiS and consequently such local contact lists are maintained independently of the National Database.  These lists are the responsibility of the Local Leaders who are expected to apply the same stringent data protection regime that operate for the National Database.  Thus the local leadership must obtain the explicit permission of each person to hold their contact details and confirm their approval as to how it will be used which should be explicitly stated.  (For example “to keep you informed of local and National CiS events and other related activities”).  This is usually stated on the sign up lists used to collect personal information but is confirmed annually. In all group email communications to members there is provision of an option to “unsubscribe”.  In no case is the contact information held by local groups passed on to third parties without permission of the individual concerned unless this information is already freely available in the public domain.

Staff Contracts and information necessary for administration of employment
Personal Data on those employed by CiS are contained within their contracts and application forms that are stored securely in paper form by the Secretary.  This information is only made available to other CiS Officers and agents (such as the external payroll officer) as required to fulfil the conditions of the individual staff member’s contract of employment.  Any requests by outside entities for personal information held within the contracts is subject to the agreement of the employee before such information is released.

Application forms for CiS posts, conferences, bursaries etc
Personal information contained in applications for CiS positions (paid or unpaid) is only made available to those directly involved in the relevant appointment / bursary etc.  This information is kept for 12 months by the Secretary and/or Executive Officer and cannot be shared with third parties unless prior permission is obtained from the applicant.

Contact Information from sign-up sheets.
This information is transferred to a password protected Excel file by the Development Officer or Executive Officer and used solely for the purpose of contacting the person after the event with the information they request.  It is deleted after 12 months.

When we share your information

Personal information is not shared with any other organisation, commercial or charitable.  Nor is it shared with any third party who request it without the member’s explicit permission.  All requests for contact information of members must go through a CiS Office holder (usually the Executive Officer or Secretary).

Your rights to amend or remove personal information we hold

Members are reminded annually of their rights and responsibilities under GDPR including the right to see all the information we hold on them and the right to be removed from the database upon request.  Such requests should be made to the Executive Officer who should also be contacted if members wish to amend or remove information we hold on them, or change the means by which we contact them.  Provision of an option to “unsubscribe” is included in all group email communications to members.

How we prevent inadvertent breaches of the GDPR

Database security
We take the protection of your personal data very seriously. The membership database is maintained by The Membership Secretary and is held on a server which is strongly password protected.  When relevant parts of the database are made available to other CiS Office Holders (e.g. Treasurer, Secretary, Development Officer, Executive Officer and Chairman) all electronic transmission and storage of the data is performed under strong password protection and the information is deleted immediately after use. CiS Officers and members are regularly reminded of the importance of not sharing members’ personal information with third parties (including other CiS members) without their prior permission. This does not apply when the information is already freely available in the public domain.

Credit / debit card security
If members use a credit or debit card to make payments / donations to CiS, whether on line, by phone or by mail, we process the information securely in accordance with the Payment Card Industry Data Security Standard (PCIDSS).  Credit card details are not stored and are destroyed once the transaction is complete.

Regular assessment of GDPR compliance
We critically assess of our compliance with the GDPR on a regular basis.  This has revealed that breaches are most likely to occur inadvertently, especially during email correspondence.  Our data protection Policy (Appendix 1) contains examples to illustrate how this may occur and steps taken to prevent it.

If breaches of GDPR are detected
If we become aware of a minor breach of GDPR, the Executive Officer will inform the offender and a record will be kept.  If others who are at risk from such minor breaches of GDPR, they will be informed.   In the unlikely event of a serious breach in the GDPR it will be reported to the Information Commissioners Office