Who Are We?
The British Society of Breast Radiology (BSBR)
We operate conscientiously within the requirements of the General Data Protection Regulations 2018 and other electronic marketing legislation. We work within the principles of fair data processing, namely:
- Using information in a way that people would reasonably expect
- Thinking about the impact of our processing
- Being transparent and ensuring that people know how we’ll use their information.
What this Privacy Statement covers
This statement covers how we treat any personal information that we collect and receive either from our website or as part of our broader operating processes.
We do not sell or pass on any personal information and we only use any information shared with us for running and improving our services and in that capacity operate as a data controller and, to the extent that we process the data, by an agency acting on our behalf as a data processor.
This statement tells you what information we collect, the steps we take to protect and secure it, how we use and share information, and finally, how you can contact us with questions or concerns.
Information you give us
The personal data or personal information we collect about you is made up of the information you provide when you use our site to register for events, view content on our site, and when you report a problem with our site and from which you can be identified during our communications with you.
You may give us information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This correspondence will be conducted with you by Rapier Design Ltd, who are the organisers of the conference.
The information you give us may include some or all of the following information: your name; address; gender; organisation; e-mail address; phone number; date of birth; passport information; driving licence information; Twitter name; financial and credit card information; dietary, medical and accessibility requirements; whether or not you will be accompanied by children at events and their ages; whether or not you are an abstract author/co-author; whether or not you are an association member and if so, your membership number; visa requirement status; whether or not you are interested in becoming a member of the association.
Note: This website is not intended for children and we do not knowingly collect data relating to children. This website does not enable visitors to it to communicate with others or to post information to be accessed by others.
how is this information used
We will only use your personal data when the law allows us to.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Most commonly, we will use your personal data in the following circumstances:
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as an event participant, (including taking payment if applicable*)||Identity, Contact, Financial, Driving licence, Co-participants data (including children), Membership status Financial Medical Dietary Driving licence Co-participants data, including children Membership status||Contract|
|To process any special data as part of your registration for the event.||Medical, Dietary Financial||Consent|
|To arrange your accommodation or travel associated with the event||Identity, Contact, Financial Financial Medical Dietary Driving licence Co-participants data, including children Membership status||Contract|
|To communicate event information to you (programme information & updates, future event information, social functions associated directly with the event, accommodation & travel, Conference App details; reminders for any pre-event information you may have to return or any undertakings you may have to fulfil in order for you to gain maximum benefit from your attendance at the event)||Identity, Contact, Financial, Medical, Dietary, Driving licence, Co-participants data (including children), Membership status||Contract|
|To facilitate the distribution of electronic badges**||Identity||Contract|
|To facilitate the scanning of your conference badge by an exhibitor, typically on their exhibition stand, (or if you attend a virtual event, interacting with an Exhibitor or their stand, is the same as having your badge scanned). By allowing your badge to be scanned, you agree to share your data with the exhibitor and may be contacted by them after the Conference.||Identity, Contact||Contract|
|To facilitate networking opportunities for you by publishing the delegate attendee list in electronic format on the Conference App***||Identity, Contact||Contract|
*We do not store credit card numbers; this information is discarded after your transaction has been processed.
**Rapiergroup may use a third party supplier, to facilitate the distribution of delegate electronic badges.
*** The delegate list comprises name and company name only and all attendees at the conference may access the list only via their Conference App login.
Disclosure of your Information
We do not disclose your information to any 3rd parties other than those named above.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may disclose personal information under the following circumstances:
- In certain situations, we may disclose personal data in response to lawful requests by public authorities, including but not limited to national security or law enforcement requests. We may also disclose your personal information as required by law, such as to respond to court orders, or similar legal processes, to establish or exercise our legal rights or, defend against legal claims, or if in our judgment in such circumstances disclosure is required or appropriate.
Disclosure of your Information
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer.
Processing and Storage of your Information
The information you supply to register for events is processed via a secure registration software package, held on a secure server and only accessible by employees of Rapier Design Ltd who have the correct permissions and training to process your data. Your data will be kept for the duration of the event life cycle and used to communicate with you as outlined above. The data will be kept for a maximum of two calendar years and then deleted via secure methods.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology.
We use physical, electronic, and procedural safeguards to protect personal information - our IT arrangements aspire to “Data Protection by Design” and should be able to detect a significant data breach. Where such a breach could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage we will notify the ICO. Where a breach is likely to result in a high risk to the rights and freedoms of individual data subjects, we will also notify those concerned directly and at the earliest practical opportunity. We shall then fully investigate a data breach and implement corrective action to prevent recurrence.
In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Data transmissions over the Internet are not 100% secure. Consequently, we cannot guarantee or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we use reasonable efforts to ensure security on our systems.
Data retention and your rights and access to information
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, insurance valuation or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Details of retention periods for different aspects of your personal data are available upon request from us. You have the legal right to a copy of all the personal information about you held by us. You also have the right to correct any errors in that information and to request a transfer or deletion of that information.
Right to Be Informed
We strive to ensure that all those engaging with us are informed of our arrangements for processing personal data through this Privacy Statement which is linked to from our website home page.
Right of Access
We will respond to data requests within 1 month and will only charge for requests that are manifestly unfounded or excessive. If we have grounds to refuse a request we will inform the data subject and make them aware of their right to complain to the ICO or to seek civil action – again within 1 month of receiving the request
Right to Rectification
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will correct any inaccuracies in a data subject’s personal data upon receipt of a request. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to correct the data upon request but may not be able to do so if changing the data may conflict with our legal obligations or disadvantage us in a future legal action. In cases where we cannot rectify the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.
Right to Erasure
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will erase a data subject’s personal data upon receipt of a request / opt-out notification. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to erase data upon request but will not be able to do so if holding the data is necessary to fulfil our legal obligations or may be necessary as evidence in a future legal action involving us. In cases where we cannot erase the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.
Right to Restrict Processing
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will restrict the processing of a data subject’s personal data upon receipt of a request / opt-out notification. For personal data held under the legal basis of “Contract” or “Vital Interests” or “Legal Obligations” we will endeavour to facilitate the requested restriction upon request but will not be able to do so if restricting the processing of the data prevents us from fulfilling our legal obligations or the current processing of the data may be necessary as evidence in a future legal action involving us. In cases where we cannot restrict the processing of the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.
Right to Data Portability
For personal data obtained directly from a data subject under the legal basis of consent – we shall provide, upon receiving a request, the data that we hold in a standard, widely accessible format.
Right to Object
For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will cease to process a data subject’s personal data upon receipt of a request / opt-out notification
Changes to this Privacy Statement
Rapier Design Ltd. reserves the right to revise, modify, or update this statement at any time. We will notify you via email about material changes in the way we treat personal data or by placing a prominent notice on this website.
How to contact us about privacy issues
Tel: +44 (0) 1920 885163
You have the legal right to a copy of all the personal information about you held by us. You also have the right to correct any errors in that information and to request a transfer or deletion of that information.