Data Protection
1. Definitions
a. “Conference” means the conference you have selected to attend in your abstract or registration form.
c. “Delegate” means the delegate who attends or wishes to attend the Conference.
d. “Data” means collectively all information that you submit to our Web Site. This includes, but is not limited to, account details and information submitted using any of our services or systems;
e. “Service” means collectively any online facilities, tools, services or information that OEDC makes available through its website either now or in the future;
f. “System” means any online communications infrastructure that OEDC makes available through its website either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;
g. “Website” means the website of OEDC and any sub-domains of this site unless expressly excluded by their own terms and conditions.
2. OEDC Duties
2.1. OEDC needs to process personal data about its current, prospective and former delegates and their sponsoring institutions, its current, prospective and former staff, its suppliers/ contractors, its current and prospective supporters and other individuals connected to the company, as part of its everyday operations and is legally obliged to process such personal data in accordance with the Data Protection Act 1998, U.K (“the DPA”)
2.2. For the purposes of the DPA, the data controller is OEDC, which is committed to compliance with the DPA and takes seriously the responsibility of handling personal information.
2.3. This Policy has been developed to ensure that OEDC meets its obligations under the DPA.
3. Data Protection Principles
The Data Protection Principles require OEDC to ensure all personal data is:
• fairly and lawfully processed;
• processed for a lawful purpose;
• adequate, relevant and not excessive;
• accurate and up to date;
• not kept for longer than necessary;
• processed in accordance with the data subject’s rights;
• protected by appropriate security; and
• not transferred to other countries without adequate protection.
4. Personal data processed by OEDC
4.1. Personal data processed by OEDC can take different forms – it may be factual information, expressions of opinion, images or other recorded information which identifies or imparts something of significance about a living individual.
4.2. Personal data processed by OEDC may include (but is not limited to) basic personal details, contact details and: (for staff and contractors) additional information required for their employment or appointment including images and biometric data; (for delegates) passport and visa information, academic, disciplinary and other education related records, employment details, information about special educational needs, references, photographs, and financial information/bank details.
4.3. OEDC collects the personal data it processes directly from the data subject and from third parties (for example referees, sponsoring institutions, universities and the Criminal Records Bureau).
5. Purposes for which Personal data may be processed
Personal data (including sensitive personal data, where appropriate) is processed by OEDC in accordance with the Data Protection Act for the following purposes:
The provision of education including the registration of prospective delegates and administration of the application/registration process; administration of the Conference programme and timetable; providing certificates of attendance/participation to delegates; publication of conference proceedings, abstracts handbook and e-journal.
The provision of educational support and ancillary services including the administration of the Conference social programme activities; conference venue administration; and provision of wi-fi at conference venue.
The general administration of OEDC including the compilation of delegate records; the administration of invoices, fees and accounts; the management of the University/College/Hotel property where summer Conference is organised; the management of security and safety arrangements (including the use of CCTV); the administration and implementation of OEDC’s policies; and other reasonable purposes related to the OEDC’s operations, such as information given to University or College or Hotel venue providers.
The protection and promotion of OEDC’s legitimate interests and objectives including the publication of its website, the prospectus, fixtures and other promotional publications promote OEDC’s conferences to prospective delegates
The administration of its staff, agents and suppliers including the recruitment of staff/ engagement of contractors (including compliance with CRB procedures); administration of payroll, pensions and sick leave and the maintenance of appropriate human resources records for current and former staff; and providing references.
The fulfilment of the OEDC’s contractual and other legal obligations.
6. Processing of Personal Data
6.1 OEDC will only process personal data for the purpose(s) for which it was originally acquired and will not process it for any other purpose without the data subject’s permission, unless it is permitted to do so under the DPA. OEDC may communicate with data subjects for the purposes set out above by post, email and SMS.
6.2 Personal data shall only be disclosed to those members of OEDC’s staff and suppliers who need to access the personal data to carry out the purpose(s) for which it was acquired. OEDC adopts appropriate security measures to ensure that personal data is kept secure and not processed without proper authority. OEDC observes legislative requirements and current best practice to ensure personal data is kept for no longer than necessary.
6.3 OEDC will not transfer personal data outside of the EEA unless it is satisfied that the data subject’s rights under the DPA will be adequately protected.
6.4 OEDC would seek permission from the delegate before featuring the delegate particularly prominently in documentary films or articles for which OEDC may give permission.
6.5 When processing personal data for the purposes set out above OEDC may communicate by post, email and SMS and may make use of cloud computing services.
7. Third parties with Whom OEDC may need to share information
From time to time OEDC may pass personal data (including sensitive personal data where appropriate) to third parties, including local authorities, other public bodies (e.g. British Consulate in different countries), health care professionals, social activities providers, university/college/hotels providing conference venue, who will process the data:
to enable the relevant authorities to monitor OEDC’s performance;
to compile statistical information (normally used on an anonymous basis);
to ensure the delegates’ safe arrival
to safeguard delegate’s welfare and provide, where relevant, medical care;
where necessary in connection with conference and social activities undertaken by delegates; to monitor delegate’s special needs and requirements; to obtain appropriate professional advice and insurance for OEDC;
where a reference or other information about a delegate is requested by an educational establishment or employer to whom they have applied or already working;
where otherwise required by law;
otherwise where reasonably necessary for the operation of the OEDC and employment of its staff;
In the event of sale or purchase of any business or assets by OEDC, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If OEDC or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets. All third party organisations are expected to comply with the Data Protection Act 1998 themselves and OEDC has no influence over the way they use their data.
8. Rights of Access to Personal Data
8.1Delegates have the right under the Data Protection Act to be given access to personal data held about them by OEDC. If a delegate wishes to access his/her personal data held by OEDC, a request should be submitted to OEDC in writing. OEDC may charge an administration fee of £10 for providing this information.
8.2 OEDC aims to respond to such subject access requests as quickly as possible and will ensure that any information is provided within 40 days unless an exemption from the right of access under the DPA applies. Some information is exempt from the right of access, such as details of a third party or disclosure of another individual. OEDC also has the right to withhold information that may cause distress or is damaging to read. Any references OEDC has received by a third party will not be disclosed unless the disclosure will not identify the source of the reference.
9.Accuracy
OEDC will endeavor to ensure that all personal data held in relation to students is accurate and up to date. Delegates must notify OEDC of any changes to information held about them. A delegate has the right to request that inaccurate information about them is to be corrected.
10. Security
OEDC will take reasonable steps to ensure that personal data is kept secure and is only accessed by authorised members of its staff for the purposes for which it is held. All staff will be made aware of this Data Protection Policy and their duties under the DPA.
11. Delegate’s responsibility
All delegates have a responsibility to comply with the Data Protection Act. They should not disclose personal information about another person without the consent of that person. This includes posting photographs on the Internet. If a delegate is found to have breached confidentiality it will lead to serious implications.
12. Enforcement
12.1. If a delegate believes that OEDC has not complied with this Policy or has acted otherwise than in accordance with the DPA, he/she should notify OEDC which shall, where appropriate, refer the matter for resolution in accordance with OEDC’s grievance/ disciplinary procedure (for staff) or complaints procedure (for delegates).
12.2. This policy forms part of the terms and conditions of all employees’ contracts of employment. A breach of the policy may be regarded as misconduct, leading to disciplinary action up to and including summary dismissal.
13.Changes to Our Data Protection Policy
Any changes we may make to our data protection policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
14.Contact
Any questions, comments and requests regarding our data protection policy are welcomed.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where your data is sent
Visitor comments may be checked through an automated spam detection service.