EURADIA Privacy Statement

5 December 2018

 

Introduction

EURADIA is an alliance of non-governmental organisations (NGOs) and healthcare companies working in the field of diabetes research. EURADIA is a registered charity in the UK. The NGOs include European academic and clinical researchers, healthcare professionals and patient groups.

The current list of Member organisations can be found here

EURADIA provides a platform for all those undertaking research to work together to benefit the wellbeing of people with diabetes, through advocacy for increased funding and improved coordination of diabetes research in Europe.

EURADIA is committed to protecting the privacy and security of your personal data.  Personal data is any information about a living individual that can be used to identify that individual.

This privacy statement describes how EURADIA collects and uses your personal data in accordance with the 2018 General Data Protection Regulation (GDPR) and related UK data protection legislation.

In this privacy statement, ‘we’ and ‘us’ means EURADIA, a charity registered in England and Wales under number 1154726, and as a company limited by guarantee under number 08608154. The registered office address is South Pallant House, 8 South Pallant, Chichester, West Sussex, PO19 1TH.  EURADIA’s contact address is below.

If you wish to raise any queries or concerns about this privacy statement, please contact EURADIA:

  1. i) By email at: secretariat@euradia.org
  2. ii) In writing to: EURADIA, Attn. Executive Director, 13 North Parade, Horsham, West Sussex, UK, RH12 2BT

 

Changes to this privacy statement

This privacy statement was published on [5 December 2018] and last updated on [5 December 2018].

We may change this privacy statement from time to time.  We suggest that you review this privacy statement from time to time to see if we have made any changes.  However, if we do change this privacy statement, we will inform you via any of these mechanisms: a popup notice appearing on the EURADIA website and through our regular newsletter.

 

EURADIA as data controller

EURADIA is the data controller for the personal data that you provide to us via the EURADIA and DIAMAP websites.  This means that EURADIA decides how to use the personal data that you submit and is responsible for looking after it in accordance with the terms of the UK’s data protection legislation.

As data controller, EURADIA’s legal basis for processing the personal data that you provide via the EURADIA and DIAMAP websites is that the processing is necessary in the legitimate interests of EURADIA

  • To relieve the needs or to improve the health of people affected by diabetes, by supporting and promoting research in Europe;
  • To act as an advocate promoting diabetes research and diabetes researchers;
  • To facilitate co-operation and collaboration in order to help to promote, foster and support diabetes research.

EURADIA will hold and process your personal data in compliance with the UK’s data protection legislation.

 

Use of personal data

EURADIA will ask you for the following information:

  • If you subscribe to the EURADIA newsletter via our website, we will ask you for your email address. You can unsubscribe from this newsletter at any time, either using the link on the newsletter or by emailing secretariat@euradia.org
  • If you register to attend an event run by or supported by EURADIA, we will ask you for other more specific information that may include contact details, job description or other work-related information and dietary information or other information about any special requirements you may have.

EURADIA will use your personal data to:

  1. Provide and improve the services we operate: including our mailing lists, our events and our projects;
  2. Help us to promote, publicise and facilitate diabetes research;
  3. Help us to prepare reports and analysis of developments and trends in diabetes research;
  4. Help us to provide appropriate information on our website;
  5. Communicate with you through: our newsletters; mailing groups; to invite you to events; to speak at meetings and conferences and/or participate in expert groups and consultations; to submit material for publication and other forms of dissemination. You can opt out of these at any time;
  6. Tell you about changes in how we operate, or provide you with formal documentation as part of your membership and/or support – for instance services and administrative emails (e.g. formal papers for our AGM), billing information, and important service related notices, such as security and fraud notices;
  7. Help us to organise and run events.

Please note that as part of these processes and uses, your personal data may be shared with EURADIA’s member organisations.  

 

Confidentiality and data sharing

The current list of EURADIA member organisations is available hereEURADIA member organisations are aware that they are not authorised by EURADIA to use any information that is shared with them for commercial purposes.

EURADIA will only share personal data with third parties who are not EURADIA member organisations where EURADIA has an appropriate legal basis for doing so or is required to do so by law.

As at the date of this privacy statement, EURADIA has no arrangements for sharing data in place with third parties who are not EURADIA member organisations and no such arrangements are contemplated.

Why do we need your personal data?

EURADIA’s aim is to benefit the wellbeing of people with diabetes, through advocacy for increased funding and improved coordination of diabetes research in Europe.  We ask for your personal data to help us to do this.

 

What do we do with the personal data?

All the personal data that is submitted to EURADIA is processed by our staff in the UK.

However, in addition, EURADIA uses external suppliers to help us to perform our functions.  These external suppliers include:

  1. Asset ICT Ltd host and Boonwag Ltd maintain the EURADIA website on our behalf.  Personal data that is submitted via the EURADIA website will be stored and processed on our behalf by ASSET ICT Ltd and Boonwag Ltd on servers located within the UK.  The EURADIA website is supported by load sharing servers in the UK to ensure faster loading times.
  2. Suppliers such as Eventbrite, Mailchimp and Surveymonkey who help us to organise events and surveys and who help us to circulate newsletters.

https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB

https://mailchimp.com/legal/privacy/

https://www.surveymonkey.com/mp/legal/privacy-policy/

 

How long will we keep the personal data?

EURADIA will hold your personal data for 4 years.

After 4 years, unless it is updated or re-confirmed, your personal data will be retained for a further 6 years [10 years in total] in a separate archive.  It will be used for research purposes in order to allow us to identify trends in diabetes research or to provide reports relating to diabetes research.  The information in the archive will not generally be accessible to EURADIA members and will only be used to support our research.  You can ask us to remove information from our archive at any time.

We aim to refresh all the details we hold on an annual basis but we encourage you to contact us with updates as and when you can.  It is in everybody’s interests to ensure that the information that EURADIA holds and that is publicly available via the EURADIA and DIAMAP websites is as accurate as possible.

EURADIA may keep your personal data for longer than 10 years if we are required to keep it for longer for legal, accounting or reporting reasons. 

 

Keeping your personal data secure

We have appropriate security measures in place to prevent personal data from being accidentally lost or used or accessed in an unauthorised way.

We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data on our behalf are only permitted to use it for the purposes outlined in this privacy statement and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. 

 

Your rights

Under certain circumstances, the law gives you the right to:

  1. Request access to your data (commonly known as a “subject access request”). This enables you to receive a copy of your data and to check that we are lawfully processing it.
  2. Request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
  3. Request erasure of your data. This enables you to ask us to delete or remove your data under certain circumstances, for example, if you consider that there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
  4. Object to processing of your data where we are processing it to meet our or legitimate interests (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
  5. Request the restriction of processing of your data. This enables you to ask us to suspend the processing of your data, for example if you want us to establish its accuracy or the reason for processing it.
  6. Request the transfer of your data to another party.

Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop.

Further information on your rights is available from the website of the Information Commissioner’s Office.

If you want to exercise any of the rights described above or are dissatisfied with the way we have used your personal data or if you have any questions about this privacy statement, please contact EURADIA using the details above.

We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of the UK’s data protection legislation.  Please note that we may keep a record of your communications to help us resolve any issues which you raise.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns/.