1. Introduction
1.1 We are committed to safeguarding the privacy of our members and website visitors; in this policy we explain what information we hold, for how long we hold data and how we treat your personal information.
1.2 Under the terms of the GDPR (General Data Protection Regulation) our reason for collecting data is Consent, i.e. you consent to us collecting certain personal data for the purposes of your membership.
2. Collecting personal information
2.1 We may collect and store the following types of personal information
2.1.1 information you provide when applying to join ECSA such as title, names, address, year of joining, scientific interests, type of membership
2.1.2 information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address)
2.1.3 any other relevant data, e.g. membership lapsed, wrong payment rate
2.1.4 information about your computer and about your visits to and use of this website (including length of visit, page views and website navigation paths)
2.1.5 information relating to any purchases you make of our services or any other transactions that you enter into through our website (including your name, address, telephone number, email address)
2.1.6 information that you post to our website for publication on the internet (including your user name, your profile pictures and the content of your posts)
2.1.7 information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication
2.1.8 any other personal information that you choose to send to us.
2.2 Before you disclose to us the personal information of another person, you must obtain that person's consent to both the disclosure and the processing of that personal information in accordance with this policy.
3. Using personal information
3.1 Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website.
3.2 We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party's direct marketing.
3.3 We may use your personal information to:
3.3.1 personalise our website for you;
3.3.2 enable your use of the services available on our website;
3.3.3 supply to you services purchased through our website;
3.3.4 send statements, invoices and payment reminders to you, and collect payments from you;
3.3.5 send you email notifications that you have specifically requested;
3.3.6 send you our email newsletter (you can inform us at any time if you no longer require the newsletter);
3.3.7 send you marketing communications relating to our business or the businesses of carefully-selected third parties which we think may be of interest to you (you can inform us at any time if you no longer require marketing communications);
3.3.8 deal with enquiries and complaints made by or about you relating to our website;
3.3.9 keep our website secure and prevent fraud; and
3.3.10 verify compliance with the terms and conditions governing the use of our website (including monitoring private messages sent through our website private messaging service).
4. Financial transactions
4.1 Website financial transactions are handled through our payment services provider, PayPal. You can review the provider's privacy policy at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full. We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make via our website, refunding such payments and dealing with complaints and queries relating to such payments and refunds. PayPal do not provide us with any bank account or payment card details when you pay us, only your name is supplied.
4.2 Where payment is made via bank transfer or standing order, details are held by the bank on the Bank of Scotland’s secure server. We do not have access to account details of any payees paying us through the bank. ECSA receives only summary bank statements of payments. Any information supplied by the applicant to ECSA is not retained.
4.3 For a limited number of members who receive grants from ECSA, for which they have applied, and officials who receive expense payments from ECSA, for which they have applied, we may have details of accounts to which payments are to be made, but these are stored only on the Bank of Scotland’s secure server and no other electronic or paper listing of such accounts is retained.
5. Disclosing personal information
5.1 We may disclose your personal information to any of our officers or agents insofar as is reasonably necessary for the purposes set out in this policy.
5.2 We may disclose your personal information
5.2.1 to the extent that we are required to by law
5.2.2 in connection with any ongoing or prospective legal proceedings
5.2.3 in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
5.2.4 to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
5.2.5 Except as provided in this policy, we will not provide your personal information to third parties.
6. International data transfers
6.1 Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this policy.
6.2 Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. We cannot prevent the use or misuse of such information by others.
6.3 You expressly agree to the transfers of personal information described in this Section 6.
7. Retaining personal information
7.1 This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
7.2 Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. This will generally be for a period of no more than three years. If subscriptions fall into arrears, we will contact you to ascertain whether you wish to renew membership. We will send reminders to current members regarding subscriptions when these are due.
7.3 Notwithstanding the other provisions of this Section 7, we will only retain documents (including electronic documents) containing personal data:
7.3.1 to the extent that we are required to do so by law;
7.3.2 in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
8. Security of personal information
8.1 We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
8.2 We will store all the personal information you provide on secure (password- and firewallprotected) servers, operated by a third party.
8.3 You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
8.4 You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
9. Amendments
9.1 We may update this policy from time to time by publishing a new version on our website.
10. Your rights
10.1 You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to the supply of appropriate evidence of your identity.
10.2 We may withhold personal information that you request to the extent permitted by law.
10.3 You may instruct us at any time not to process your personal information for marketing purposes.
10.4 You have the right to request that we delete your personal data if you wish to rescind your membership.
10.5 You have the right to complain to ECSA if you perceive there is a problem. This will be dealt with by the President, President-Elect, and any other appropriate Council officers as necessary.
10.6 You may expect requests for information to be dealt with within 30 days. Should a longer period be necessary, ECSA will inform you of this.
11. Third party websites
11.1 Our website includes hyperlinks to, and details of, third party websites.
11.2 We have no control over, and are not responsible for, the privacy policies and practices of third parties.
12. Updating information
12.1 Please let us know if the personal information that we hold about you needs to be corrected or updated. Much of this can be done by you as a member via the website.
13. Cookies
13.1 Our website uses cookies.
13.2 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
13.3 We use cookies on our website to enable the use of a shopping cart for membership payments (logged-in users only), to improve the website's usability, and to validate authenticated users’ sessions.
13.4 If you block cookies, you may not be able to use all the features on our website.
14. Our details
14.1 This website is owned and operated by the Estuarine and Coastal Sciences Association (ECSA).
14.2 We are registered as a charity with the Charity Commissioner for England and Wales and our charity registration number is 264006.
14.3 You can contact us by:
14.3.1 post to Professor Martin Wilkinson, Treasurer ECSA, 19-21 Reid Street, Dunfermline, KY12 7EE, Scotland
14.3.2 using our website contact form
or
14.3.3 by email, using the email address links published on our website.
Revised at 24/5/2018