Cookies and how we use them
What is a cookie?A cookie is a small file placed on your computer's hard drive. It enables our website to identify your computer as you view different pages on our website. Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.
- Analyse our web traffic using 'google analytics'
Aggregated usage data helps us improve the website structure, design, content and functions.
- Store information about your preferences:
Currently the preferred page style - 'default colours' or 'light background', is stored in a cookie.
This page explains the issues relating to NomadIT holding your data on behalf of CHAM. Information on membership/conferences is held centrally in a secure online database, providing greater data security, cheaper more efficient administration, and the potential for enhanced membership facilities - such as searchable online directories, live editing of personal entries, & editing of panel/paper abstracts.
Data held and its sensitivity
The NomadIT system holds individual and organisation contact information, membership subscriptions, conference registrations, academic background/interests, panel/paper abstracts, and a record of payments made. The only 'private' data held is a contact's Mobile phone number. This number will not be made publicly available, and is only held in order to facilitate contact by SMS during/en route to conferences - a function which has proved useful in past events. The only sensitive data held is the date of birth.
Date of birth (DoB)
The system requests your date of birth, to facilitate recognition. If the combination of name and DoB is recognised by the system when completing an online form, it will bring up your existing contact information. This recognition system allows time-saving on repeat visits (memberships/conferences); allows correlation between membership and registration; prevents double subscription/registration; while facilitating online editing of membership records, papers, etc. The DoB is not made public, nor considered in any decision-making/admin processes. A recognition system relying on name only would be prone to error and would allow others to access your contact details easily. Our aim is to avoid your having to use a set of credentials (username and password) which might result in a security risk to other more important data held in other systems, due to the common practice of reusing such credentials on multiple systems.
We however recognise that some consider date of birth to be 'security-sensitive'. You are not obliged to supply your real DoB - as long as you use the same DoB each time, it doesn't matter. Using your real DoB has the advantage of being easy to remember.
Purpose of holding data
The data collected will only be used for the purpose for which it is provided. This is deemed to be for invoicing/receipting of subscriptions/registration fees; and for mailings/email, relating either directly to the organisation/conference itself, or occasionally to news deemed of potential interest to the membership/conference (such as jobs, upcoming conferences, book releases, academic publishing promotions). The data will not be disclosed to any third parties. Data will not be shared between different NomadIT clients, unless there is a relevant agreement (for example when running a bilateral conference), and NomadIT are instructed to do so by the agreeing parties.
Data subjects may request a copy of the personal information held about them, by emailing the organisation/conference concerned, putting 'Subject Access Request' in the subject line.
The data controller
The controller is the organisation/conference with whom the membership/conference registration is made: NomadIT works on the organisation's/conference's behalf. As non-profit organisations the organisations/conferences are not obliged to notify the Information Commissioner of their holding data, although they are obliged to follow the Data Protection Act of 1998. The essence of that Act is detailed below.
If you have any complaints/enquiries, please email the relevant organisation/conference directly (see their specific websites for contact info); alternatively you can contact rohan(at)nomadit.co.uk if you wish to discuss issues relating to Data protection.
The eight principles
The Data Protection Act 1998 sets out eight rules that data controllers must follow for protecting personal information. Personal data must be:
- processed fairly and lawfully
- processed only for one or more specified and lawful purpose
- adequate, relevant and not excessive for those purposes
- accurate and kept up to date - data subjects have the right to have inaccurate personal data corrected or destroyed if the personal information is inaccurate to any matter of fact
- kept for no longer than is necessary for the purposes it is being processed
- processed in line with the rights of individuals - this includes the right to be informed of all the information held about them, to prevent processing of their personal information for marketing purposes, and to compensation if they can prove they have been damaged by a data controller's non-compliance with the Act
- secured against accidental loss, destruction or damage and against unauthorised or unlawful processing - this applies to you even if your business uses a third party to process personal information on your behalf
- not transferred to countries outside the European Economic Area - the EU plus Norway, Iceland and Liechtenstein - that do not have adequate protection for individual's personal information, unless a condition from Schedule four of the Act can be met
If a data controller's processing of personal information does not comply with the principles, the Information Commissioner can take enforcement action against that data controller.