Privacy Policy

This is version 1.0 of the IIS-UK privacy policy published on 01 Aug 2018.

The International Isotope Society UK Group (IIS-UK) has issued the following privacy policy in line with new GDPR regulations which came into effect on 25 May 2018. In summary, IIS-UK must:

• Have legitimate interests for collecting and using your personal information.
• Not use your personal information in ways that may adversely affect you.
• Be transparent about how we intend to use your personal information.
• Provide you with appropriate privacy notices when collecting your personal information.
• Provide a simple method for you to update your information or have it deleted.

IIS-UK takes data privacy responsibilities seriously and we want you to understand and feel confident about how we collect, use and safeguard your personal information when you engage with us via email, the IIS-UK website (https://www.iis-uk.org), in person or by other means. This policy sets out how we will treat your personal information.

1. What Information Do We Collect?

In the course of our activities, IIS-UK may collect, store and use a limited amount of your personal information for legitimate purposes to promote upcoming IIS-UK events via direct email marketing and to provide information concerning those events to delegates. The information we hold is purposefully limited to the type of information that can be found on a typical business card: first name, last name, employer (organisation/company name), work email address and in some cases a work phone number and postal address. In certain circumstances it is possible that IIS-UK may hold other information about you necessary to fulfil its obligations and provide services to you during events such as special dietary requirements and other organisational information. You will be asked to provide this information if/when the need arises.

2. Cookies, Tracking & Website Traffic

IIS-UK does not currently use cookies or any other method to track visitors to our website at https://www.iis-uk.org although our use of embedded third-party forms to collect registration information may use of cookies of their own. We currently see no need to track our visitors and have chosen to respect your privacy. Should things change in the future we will update this privacy policy and privacy policy notices will be displayed the first time users visit the website after the update.

The IIS-UK website (https://www.iis-uk.org) is accessible over TLS (Transport Layer Security, the successor to Secure Sockets Layer or SSL). All data sent between the server and client (website visitor) is encrypted using a certificate issued by the Let’s Encrypt Authority. Certificates are valid for ~90 days after which time the existing certificate is revoked and a new one issued automatically. Any third party services used to collect information via forms have been chosen because they conform to similar standards of encryption to protect your information in transit over the internet. It is expected that your ISP (or DNS or VPN provider) will be able to tell that you visited the IIS-UK website but cannot tell which pages you viewed or intercept any information that you send back while data transfer is encrypted.

3. Using Your Personal Data

We may hold a limited amount of your personal information in order to communicate with you by email (or in rare cases by telephone or post) for the purpose of promoting IIS-UK events or to provide you with delegate information once you have registered to attend an event and fulfil our obligations to you as a delegate. We do this because we believe that you are genuinely interested in being informed about our events and that we have a legitimate interest in contacting you.

4. Disclosure

IIS-UK may share personal information with conference facility vendors for the purpose of providing delegates with hospitality at events we organise. IIS-UK will not sell, share or otherwise disclose your personal information to any other third parties unless you have granted us permission to do so or unless we are required to do so by law.

If you consent that we may share your personal information with third parties then we will only share your information with event sponsors. These are typically companies that you may have existing relationships with, whose products or services you are likely to be interested in and with whom you have had the opportunity to interact with in person at IIS-UK events.

5. Security of Your Personal Data

We will take all reasonable precautions to prevent the loss, misuse, alteration or accidental disclosure of your personal information in accordance with this privacy policy. Personal information will not be stored in a publically accessible way. Access will be controlled and data stored in a limited number of locations, either under the direct control of members of the organising committee during processing or using a cloud service offering secure storage/access such that information is encrypted during transfer over the internet and where possible, encrypted at rest.

The security of information provided to us through insecure means (e.g. in the clear via email) cannot be guaranteed however once we have received your information we will use the methods described above to safeguard against further disclosure.

6. Policy Amendments & Transparency

IIS-UK may update this privacy policy document (and the publically accessible copy published at https://www.iis-uk.org/privacy) from time-to-time and without prior notice. The date of publication will be clearly displayed and a summary of changes from the previous version may also be included. Delegates at IIS-UK events and visitors to the IIS-UK website are encouraged to check this policy periodically to ensure you are familiar and satisfied with any changes.

7. Your Rights

The GDPR regulations provide certain rights with respect to the collection, use, maintenance and destruction of your personal information which the IIS-UK respects and honours. As such you have the right:

• To be informed about the types and uses of information IIS-UK collects and this information is described in section 1 of this privacy policy.
• Of access to your personal information and may instruct IIS-UK to provide you with a copy of any personal information we hold about you.
• To rectification of your personal information and may instruct IIS-UK to correct its records to ensure they are accurate and up-to-date.
• To erasure and may instruct IIS-UK to delete all the personal data we hold about you.
• To object to or restrict processing and may instruct IIS-UK not to process or to cease processing your personal data. The IIS-UK may only continue processing your information if it has a compelling reason to do so.

IIS-UK must comply with all requests within 1 calendar month of receipt although we will endeavour to manage requests more swiftly.

8. Third Party Websites

The IIS-UK website may contain links to other websites that we believe will be of genuine interest to you. You should be aware that we have no control over the content nor are we responsible for the privacy policies or practices of third party websites.

9. Contacting Us

If you have any questions about this privacy policy or wish to contact us for any reason, please write to us by email or by post to one of the following addresses:

Dr Chris Winfield
Chairman, IIS-UK
c/o Selcia Ltd.
Fyfield Business & Research Park
Fyfield Road
Ongar
Essex
CM5 0GS

Dr Daniela Roman
Treasurer, IIS-UK
c/o GlaxoSmithKline
Medicines Research Centre
Gunnels Wood Road
Stevenage
Hertfordshire
SG1 2NY