This document sets out how Christians in Science (CiS) handles personal information to ensure compliance with the General Data Protection Regulation (GDPR) that came into force on 25th May 2018. All those handling personal information of members must sign their agreement to our Data Protection Policy which is available on request (Appendix 1).
For further information about our privacy practices, please contact our Executive Officer by:
1. How we collect data
2. The data we hold and how we use it
i. The National CiS membership database maintained by the Membership Secretary
ii. Gift Aid declaration forms and database maintained by the Treasurer
iii. Contact lists maintained by Local CiS groups
iv. Staff Contracts and information necessary for administration of employment
v. Application forms for CiS posts, conferences, bursaries etc
vi. Contact information of those indicating their wish to receive further information about CiS (e.g. sign-up sheets at public events)
i) National Membership Database
Depending on the information provided by the member, this database contains some or all of the following details of each member: Membership number; Title; Surname; Preferred name; Birth decade; Date of graduation; Academic qualifications; Main discipline; Current post; Mailing address including country; Phone number; E-mail address; Alternative e-mail address; Geographical zone: UK/Europe/RoW continent; Subscription rate; Journal choice; Full or Associate membership; Joint membership (yes or no); Inclusion in Membership directory (yes or no); “Life” (=5-year) membership (yes or no); Password; Date joined; Date resigned (where applicable); Online expiry date; Year of Gift Aid declaration if on file; How applicant found out about CiS; Fees paid list; Total paid; Donation included; Subscription amount; Mailing supplement amount; Date paid; Gift Aid (yes or no).
ii) Gift Aid declaration forms and database maintained by the Treasurer
The Treasurer holds hard copies of the Gift Aid declaration forms in a secure cabinet and maintains a password-protected Gift Aid Excel spreadsheet. This information is for the use of HMRC only.
iii) Contact lists maintained by Local CiS groups
Local groups may maintain their own databases containing contact details of those who have asked to be kept aware of local CiS activities. Many of these contacts are not subscribing members of CiS and consequently such local contact lists are maintained independently of the National Database. These lists are the responsibility of the Local Leaders, who are expected to apply the same stringent data protection regime that operates for the National Database. Thus the local leadership must obtain the explicit permission of each person to hold their contact details and confirm their approval of how the details will be used, which should be explicitly stated (for example, “to keep you informed of local and National CiS events and other related activities”). This is usually stated on the sign-up lists used to collect personal information but is confirmed annually. All group email communications to members include an option to “unsubscribe”. In no case is the contact information held by local groups passed on to third parties without permission of the individual concerned unless this information is already freely available in the public domain.
iv) Staff Contracts and information necessary for administration of employment
Personal Data on those employed by CiS are contained within their contracts and application forms that are stored securely in paper form by the Secretary. This information is only made available to other CiS Officers and agents (such as the external payroll officer) as required to fulfil the conditions of the individual staff member’s contract of employment. Any requests by outside entities for personal information held within the contracts are subject to the agreement of the employee before such information is released.
v) Application forms for CiS posts, conferences, bursaries etc
Personal information contained in applications for CiS positions (paid or unpaid) is only made available to those directly involved in the relevant appointment / bursary etc. This information is kept for 12 months by the Secretary and/or Executive Officer and cannot be shared with third parties unless prior permission is obtained from the applicant.
vi) Contact Information from sign-up sheets.
This information is transferred to a password-protected Excel file by the Development Officer or Executive Officer and used solely for the purpose of contacting the person after the event with the information they request. It is deleted after 12 months.
3. Legal Basis for using personal Information
We will only use the personal information we hold where we have the consent of the individual to do so and for the purposes noted above or where required to do so by law (see Legal Disclosure below). In the case of paid employees, personal information is held and used only as defined in their contract of employment.
4. When we share your information
Personal information is not shared with any other organisation, commercial or charitable. Nor is it shared with any third party who requests it without the member’s explicit permission. All requests for contact information of members must go through a CiS Office holder (usually the Executive Officer or Secretary).
We may disclose personal information if required to do so by law (for example, to comply with applicable laws, regulations and codes of practice or in response to a valid request from a competent authority).
5. How long do we hold information?
We keep information only for as long as is reasonable and necessary for the relevant activity, which may be to fulfil statutory obligations (for example, the collection of Gift Aid). For those who do not renew their membership we retain information for 6 years unless requested to remove it as noted below.
6. The right to amend or remove personal information we hold
Members are reminded annually of their rights and responsibilities under GDPR, including the right to see all the information we hold on them and the right to be removed from the database upon request. Such requests should be made to the Executive Officer, who should also be contacted if members wish to amend or remove information we hold on them, or change the means by which we contact them. An option to “unsubscribe” is included in all group email communications to members.
7. Keeping Personal Information Safe
We take the protection of personal data very seriously and take the precautions outlined below to ensure that breaches in our security procedures do not occur.
i) Database security
The membership database is maintained by The Membership Secretary and is held on a server which is strongly password protected. When relevant parts of the database are made available to other CiS Office Holders (e.g. Treasurer, Secretary, Development Officer, Executive Officer and Chairman) all electronic transmission and storage of the data is performed under strong password protection and the information is deleted immediately after use. CiS Officers and members are regularly reminded of the importance of not sharing members’ personal information with third parties (including other CiS members) without their prior permission. This does not apply when the information is already freely available in the public domain.
ii) Credit / debit card security
If members use a credit or debit card to make payments / donations to CiS, whether online, by phone or by mail, we process the information securely in accordance with the Payment Card Industry Data Security Standard (PCI DSS). Credit card details are not stored and are destroyed once the transaction is complete.
iii) Regular assessment of GDPR compliance
We critically assess our compliance with the GDPR on a regular basis. This has revealed that breaches are most likely to occur inadvertently, especially during email correspondence. Our Data Protection Policy (Appendix 1) contains examples to illustrate how this may occur and steps taken to prevent it.
8. If breaches of GDPR are detected
If we become aware of a minor breach of GDPR, the Executive Officer will inform the offender and a record will be kept. If others are at risk from such minor breaches of GDPR, they will be informed. In the unlikely event of a serious breach of the GDPR, it will be reported to the Information Commissioner’s Office.
‘Cookie’ is a name for a small file, usually of letters and numbers, which is downloaded onto your device, such as your computer, mobile phone or tablet, when you visit a website. Cookies let websites recognise your device, so that the sites can work more effectively, and also gather information about how you use the site. A cookie, by itself, can’t be used to identify you.