BOHS is the Data Controller for personal data relating to members, candidates, conference and event attendees, supporters and website users. Our ICO registration number is Z6502558.
We do not trade personal data for commercial purposes and will only disclose it if; it is required by law; it is necessary to fulfil our contract with you, or it is with your consent.
This policy was updated in May 2018 to show that we are adhering to the new General Data Protection Regulation (GDPR), which came into force on the 25th May 2018.
BOHS assumes that individuals who join the Society as a subscribing member would expect to receive communications such as a membership magazine, member newsletters and the promotion of events/training which support the member, as they are considered professionally relevant, or align with the Society’s mission, strategic or objectives. These communications are sent to members based on there being a legitimate interest for the member, The Society and the profession.
Members are able to update their communication preference through the online member portal (MyBOHS) at any time. This includes opting in and out of different types of communication, stating whether they would like print or electronic, along with updating their personal information.
Personal information relating to members is stored on a Customer Relationship Management system (IMIS) which is a cloud based system. We do not store customer debit/credit card details either in this system or elsewhere.
There are occasions where BOHS uses third party suppliers in order to provide membership benefits, and in doing so will share the minimum amount of personal data necessary to fulfil the member benefit. This is done on the understanding that that the data processors only use the information for this purpose. Specifically, this includes; Oxford University Press for the purpose of providng members with access to the journal, Annals of Workplace Exposures and Health; MiVoice for the purpose of facilitating the annual election process; Irongate for the mailing of Exposure magazine; APT Ltd for the processing of direct debits and PayPal as a credit card processor.
Conference or event attendees
If you are a BOHS member and book an event, then we will use the information stored in your membership record in order to manage your booking. We will also capture additional information, such as your dietary requirements.
If you are not a BOHS member and book an event, then you will be asked to set up an online MyBOHS profile in order to create your booking. In doing this, you will be asked to enter your name, address, company, contact details, dietary requirements and payment details.
This information is required in order to administer the event, and is stored on a Customer Relationship Management system (IMIS) which is a cloud based system. We do not store customer credit card details either in this system or elsewhere.
Following the event, we will from time to time let you know about similar events. If you do not wish to receive such emails you can unsubscribe at any time by clicking the link at the bottom of the email, update your communication preferences by making amendments in your MyBOHS account, by emailing us at firstname.lastname@example.org or by calling us on +44 (0) 1332 250713.
There are occasions where BOHS uses third party suppliers in order to support the management of a conference, and in doing so will share the minimum amount of personal data necessary to do this. This is done on the understanding that that the data processors only use the information for this purpose. Specifically, this includes; Nicholas Hunter for the production of name badges. Lists of delegates are also provided to Exhibitors, although this is never more than your name and company. We use PayPal as a credit card processor.
If you are a speaker/presenter at a BOHS event, we will publically promote your involvement via Twitter, LinkedIn and emails to our supporters. This data may continue to be processed by those platform providers after the event has ended.
If you make an application to speak/present at an event, you may asked to submit an abstract. We sometimes use Oxford Abstracts, a third party supplier, to manage submissions. Submissions are shared with the organising committee and deleted by all parties once they have been reviewed.
Qualifications and training candidates/learners
If you take a BOHS examination, we capture personal information from you in order to process your examination script and inform you of your examination result. We will also contact you by email from time to time about related training courses and qualifications.
When we collect this data, we will also ask you to opt in to hear about other services provided by BOHS. You can opt in or out at any time by sending an email to email@example.com or calling +44 (0) 1332 298101
Your personal information is stored securely on a computer system provided by Calibrand and hosted within the EU.
There are occasions where BOHS needs to share your data in order to administer your qualification, and in doing so will share the minimum amount of personal data necessary to do this. This is done on the understanding that that the data processors only use the information for this purpose. Specifically, we share your data with examiners, who are individuals working on behalf of BOHS. The examiners will only be provided with your name and exam script, and no other personal information. For individuals who have passed a W module, we may publish your name, the title of the qualification, the date you passed and your certificate number on the OHTA website at www.ohlearning.com. We will also share your qualification result with your approved training provider, on receipt of a written request, to public or professional bodies, service authorities, universities, colleges, your current, past or prospective employer/recruitment agency and any other body if we are required to do so to comply with regulation or law.
We maintain a record of your qualification indefinitely, and will take reasonable steps to keep an accurate record of any personal data you have submitted. However, we do not assume responsibility for confirming the ongoing accuracy of your personal data. You can update your personal data by emailing us at firstname.lastname@example.org or calling +44 (0) 1332 298101.
We use Google Analytics (GA) to track site user interaction. We have GA code installed on our site which creates one or more text files on your computer (called a “cookie”). The cookies contain an ID number which is used to uniquely identify your browser and track each site you visit that has GA enabled.
We use this data to determine the number of people using our site and to better understand how they find and use our web pages. With this information we can continually improve the information that we provide on our site. We can also use it to increase the number of new people finding our site.
Google analytics stores the following data:
- Time of visit, pages visited, and time spent on each page of the webpages
- Interactions with site-specific widgets
- Referring site details (such as the URL a user came through to arrive at this site)
- Type of web browser
- Type of operating system (OS)
- Network location and IP address
- Document downloads
- Clicks on links leading to external websites
- Errors when users fill out forms
- Clicks on videos
- Scroll depth
If you already have GA cookies, they will be updated with the latest information about your visit to the site. As we cannot access any personal data about you ourselves, we are not the Data Controller for your Google Analytics profile data. You would need to contact Google directly for this information.
You have the right to object to this tracking and to stop it happening. If you are uncomfortable with this tracking, you can take the following actions:
- Use a tracking-blocker, such as Privacy Badger
- Clear cookies after every browsing session
- Install the Google Analytics opt-out extension
Supporters of BOHS campaigns
If you attend an event related to the Breathe Freely campaign for which BOHS provides speakers and content as well as organising the venue, then you will be asked to provide personal information (name, contact details and job role).
Some of these events are funded by the European Agency for Health and Safety at Work (EU-OSHA), who are the data controller and who have appointed a secondary PR company to manage bookings on their behalf. BOHS are neither a data controller nor a data processor in this case and will not receive any personal data relating to delegates, only aggregate numbers of delegates. These events will be clearly marked as funded by the EU-OSHA.
Other events are managed by BOHS. In this case, we will use your personal information for the purposes of administering the event. We use the online software ‘Jotform’ in order to manage your booking.
Individuals can sign up to receive news about the campaigns either on the Breathe Freely website or at an event. We also send these newsletters to anyone who has signed up as an official supporter or to utilise the Hi-Management on the basis of legitimate interest. We maintain a record of newsletter recipients securely on the BOHS server which is hosted on-site. We use Mailchimp to manage our emails. Mailchimp store their data in the US although they comply with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework. You can opt in or out at any time by selecting ‘unsubscribe’ at the bottom of one of our emails, sending an email to email@example.com or calling +44 (0) 1332 250703.
Employees and job applicants
If you apply to work at BOHS, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside BOHS - for example, if we need a reference, or need to get a ‘disclosure’ from the Criminal Records Bureau - we will make sure we tell you beforehand, unless we are required to disclose this information by law.
If you are unsuccessful in your job application, we will hold your personal information for 12 months after we’ve finished recruiting the post you applied for. After this date we will destroy or delete your information. We keep de-personalised statistical information about applicants to develop our recruitment processes, but this does not contain any information that could be used to identify individual job applicants.
If you begin employment with us, we will create an electronic personnel file on our online HR management tool (myHRtoolkit), containing information about your employment. You will be provided with log-in details for your online record during your induction. We keep the information in this record secure, and will only use it for matters that apply directly to your employment.
Once you stop working for us, we will keep this file according to our record retention guidelines. You can contact us to find out more about this.
As an individual whose personal data is processed by BOHS you have the following rights:
- the right to access the data we hold about you
- the right to have your data rectified if its inaccurate
- the right to erasure (in some circumstances)
- the right to object to processing carried out
- the right of data portability
- the right to object to direct marketing
- the right to have your data restricted or blocked from processing
To exercise any of these rights, please email us at firstname.lastname@example.org or call +44 (0) 1332 250708