The following policies are adopted by the Scientific and Medical Network (SMN):
Data Protection
1. The SMN seeks at all time to be compliant with the requirements of the EU General Data Protection Regulations (GDPR) which is effective 25th May 2018.
2. The SMN has appointed one of its Directors, Richard Irwin, as Data Protection Officer and queries regarding data protection should can be submitted here.
Personal Identifiable Information (PII)
1. The SMN has identified the following information that it controls and processes in order to offer its members the services of membership. Without this information, we cannot keep you informed of our activities and includes.
- Name and address;
- Email address;
- Telephone Number;
- Subscriptions;
- Current and historical donations to the SMN;
- Purchases such as event tickets.
2. The above information is stored on computer systems either operated by the SMN in secure cloud-based environments protected by complex passwords, or on systems providing services to the SMN which include:
- Salesforce.com which is a cloud-based Customer Relationship Management (CRM) system;
- Xero.com which is the cloud-based accounting system used by the SMN;
- Mailchimp.com which is a GDPR compliant cloud-based email subscription management system for the SMN and for its associated Local Groups.
3. Credit and Debit Card information is not stored by the SMN in any system, however such information will be stored by our card payment processor Stripe.com as part of the payment service they provide. Payments taken over the telephone are entered into a Credit Card processing machine and the Credit Card number is not retained. Those members of the SMN who have administrative access to Stripe.com do not have access to the full credit card number used.
4. Additional personal information (profile information) can be volunteered by members who subscribe to our services through this website. This can include:
- Professional Qualifications;
- Professional and other Interests;
- Biographical Information;
- Bibliography;
- Social Media links, such as Facebook, LinkedIn and Twitter identifiers.
Profile information is not visible to non-members, however the information can be shared with other members who subscribe to the web site and who have joined the Members’ Directory or other Interest Group, whereby they have agreed to do so.
The web site servers are in a secure cloud environment which is protected by Firewalls which lock down all but essential access ports and other software including a Vulnerability Scanner and an Anti-Spam protector.
5. Requests for SMN members’ contact information from other members or other individuals or companies, except through the opt-in mechanisms available in the Members’ Directory and associated forums, will be refused. However, the SMN may, at its discretion pass on such as contact request to the member concerned.
6. Access control to different aspects of the web site by role-based authorisation and complex passwords.
7. The SMN does not share PII with third parties except that the information may be stored securely on the systems that it uses where they cannot be accessed by any but an authorised SMN administrator.
8. The public IP address of this server is hidden by our security measures.
9. This web site, uses cookies – small text files that are placed on a visitors’ machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. Google Analytics are used by the SMN to measure activity and trends on web site usage. The information is not used for the purposes of advertising. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.
10. There is no physical access to internet servers except by engineers from the Cloud Service providers who in turn have no access to the virtual machines used to provide services.
Encryption
1. All access to this web site is over HTTPS or SSH over a virtual private network, these are encrypted protocols and protect user data from being intercepted.
2. File transfers to and from this website use the Secure File Transfer Protocol.
3. All passwords are encrypted.
Obtaining Information About You
1. A user of the web site can obtain access to the PII held on the web site and update it by going following the link to Edit Profile.
2. For information held in Saleforce.com a user should make a request for a copy of their data by submitting a request here.
3. Information held in Xero.com is related to financial records and not generally available except that a person can request that any inaccuracy in their PII should be updated.
4. Opting in and out of the various SMN mailing lists can be controlled using the form here and by using the unsubscribe options in any email the SMN sends to you.
Deleting Your Data
On request of the person that the data relates to, data can be deleted from:
1. Salesforce.com – This is done by the Office Manager on request here.
2. Mailchimp. This can be done by the Office Manager on request here, or by the user by unsubscribing through the “unsubscribe” link in emails sent to users, or by using the form using the form here.
3. The web site except where data relates to financial transactions for which a record must be kept. This can be done by a request to the Office Manager, on request here, who can log into the web site and delete information about a user. Or, a user can delete profile information themselves through the View/Edit Profile menu.
Data that cannot be deleted on request which includes transactional data in the accounts, i.e. Xero, Stripe, GoCardless, Barclays, CAF. This has to be kept to comply with financial regulations.
Data Breach
In the case of any data breach:
1. On discovery, a email/letter will be immediately sent by the DPO to the Information Commissioner’s Office (ICO) informing of the nature of the data breach.
2. An email/letter will be immediately sent to users explaining the nature of such as breach and how it might affect them.
Business Continuity and Disaster Recovery
1. The SMN relies upon cloud-based services for maintaining all its data and systems. It replies upon Service Level Agreements with these providers to ensure the availability of its services.
2. The website database and content is backed-up at least daily and before any upgrades. Restoration of the web site is regularly tested.
3. The website virtual machines are backed up weekly and before any operating system upgrades. Restoration of the virtual machines are regularly tested.
Payments Refunds and Cancellations
1. Payment Flow and Delivery Policy – Membership becomes active upon receipt of payment and members have the options of automatically renewing an annual or monthly basis. Delivery of the SMN Journal Paradigm Explorer is made three times during the year of membership. All members with a valid email address registered with the SMN will receive an electronic version of Paradigm Explorer for those who have opted for a paper version, this will be posed to the address registered with the SMN. Please Contact Us should your email or postal address change, or if you wish to cancel any automatic renewal of your membership fee. Payments for Conferences, Courses and Events organised by the SMN are in advance of the relevant date.
2. Refund / Cancellation Policy. Membership can be cancelled at any time, but such a cancellation does not attract a refund except in exceptional circumstances. The cancellation and refund policy for each conference and other event should be posted with the event details and any refund will tend to grow smaller, the near the date of the event. Please Contact Us should you wish to cancel your booking for any SMN event.