Who is the SCSC
Prior to 1 August 2016 the SCSC was managed by Newcastle University. At the handover of management responsibility personal information was transferred from Newcastle to York and is now being managed in accordance with this policy. The transfer of management responsibility has resulted in no significant change to the way personal information is being used and all Club members were informed of the transfer in writing at that time.
What personal information do we hold
Information provided by you:
- Your website account name and password (encrypted).
- Your name and contact details (email address, postal address, telephone numbers).
- Your employer’s name and address (optional).
- Your special requirement e.g. vegetarian (optional).
- Your preferences for communication and notifications.
- Your feedback and comments about SCSC events and activities.
Members or registered website users may check or update their personal information on the website as require by logging into the website and selecting 'My details' in the top right corner.
- Your current membership status.
- Your access permissions for areas of the website eg working groups.
- Your current and historic event bookings or membership payments.
Access to your personal information is strictly limited to yourself and the Club's secretariat. All personal information is encrypted during transmission between the server and a user's browser.
Your personal information relating to Club membership or participation in Club activities will be retained for a period of 10 years after your last involvement with the Club. Personal information relating to your website account will be retained for a period of 5 years after the last access of the account. These are the default retention periods; you have the right to request that your personal information is deleted at any time.
Why do we hold and process your personal information
We collect and process personal information about you for the single purpose of managing the SCSC. This is a legitimate lawful basis for processing personal data and covers:
- Communicating with you as a registered website user, a Club member or any other type of contributor or supporter using email or post.
- Allowing you to access information on the website that is not publically available.
- Allowing you to make event bookings and the Club to manage event bookings for you.
- Allowing you to participate in working groups or other activities operated by the Club.
- Collecting feedback from you about events or other SCSC activities.
- Keeping records of your membership and event attendance.
The SCSC does not hold or process your information for any other purpose.
How the SCSC uses your personal information
We use your information to identify you as a website user, a previous or current member or a participant in a working group. We use your information to provide you with information about your booking for an event, about meetings of working groups and copies of the Club newsletter. If you agree, by opting-in to email or postal communication on the website ‘My details’ page, we will send you promotional information about SCSC events and third party information relevant to safety-critical systems or safety-critical system developers.
We do not share your personal information with any other party.
Under the General Data Protection Regulations (GDPR) you have a number of rights:
- To be informed. This web page is freely accessible and constitutes full information about how we manage your personal information.
- The right of access. Almost all of your personal information held by the Club is accessible to you on the ‘My Details’ page of the website. You have the right to request a full listing of information held about you.
- The right to rectification. You can correct or update most of the personal information from the ‘My Details’ page of the website. You may also request changes be made to your information.
- The right to erasure. You can request that your personal information is deleted at any time.
- The right to restrict processing. Our use and processing of your personal information is as detailed above. You may request that your information is not processed in certain ways but that may result in our inability to provide some services.
- The right to data portability. If you make a data access request you can also request that the information that is processed automatically is provided in a portable format (CSV file).
- The right to object. You may object to the storage and processing of your personal information and we are obliged to consider your objection.
- The right not to be subjected to automated decision-making. The SCSC does not use automated decision making as defined by the GDPR.
To exercise any of these rights please contact us by email or post using the details below.
We must also ensure you are aware that you have:
- The right to complain to the Information Commissioner’s Office (www.ico.org.uk) about our management of your personal information.
The SCSC website allows you to make online payments for membership, event bookings and other purchases. Online payments are achieved using Realex Payments, a payment service provider selected by the University of York to provide their online payment facilities. Realex Payments comply with the PCI DSS (Payment Card Industry Data Security Standard) and securely manage all personal and financial data. When making online payments through the website you are entering credit card data directly into the secure Realex payment system. The only payment information stored by the SCSC is the status (success or failure) of the Realex transaction.
Cookies are text files placed on your computer. The SCSC uses only ‘session cookies’. These cookies contain a unique random number that can be used to correlate the sequence of browsing actions you perform, but they remain anonymous and cannot be used to identify an individual. The relationship between a session cookie and your personal information can only be made on the web server and is only possible during the duration of your browsing session. The session cookies are stored on your computer for the duration of your browsing session and are deleted when you close the browser. Most internet browsers keep session cookies in memory and do not write them to the computer’s file system.
The website uses browser cookies to allow your logged-in status, selected options and information entered, such as search criteria, to be saved between successive page viewings in your browsing session.
These session cookies are strictly necessary to the correct operation of the web site and, under the Privacy and Electronic Communications regulations (May 2011), do not require user consent. If you have your internet browser set to reject all cookies this site may not work correctly for you.
How to contact us
- By email: office@SCSC.uk
- By post: Safety-Critical Systems Club
Department of Computer Science
University of York
24 May 2018
The right to data protability:
Old text - If you make a data access request you can also request that the information is provided in a portable format (CSV file).
New text - If you make a data access request you can also request that the information that is processed automatically is provided in a portable format (CSV file).
20 March 2018