The British Society for Paediatric and Adolescent Dermatology is a special interest group that is part of the British Association of Dermatologists. We are committed to protecting your privacy and security. This privacy policy from the British Association of Dermatologists explains how and why we use your personal data and is intended to help ensure that you remain informed and in control of your information.

1. About us

The British Association of Dermatologists was established in 1920 by Sir Archibald Gray, the Editor of the British Journal of Dermatology which had been founded in 1888. Today the British Association of Dermatologists (BAD) is a registered charity (no 258474) funded by the activities of its members. Its charitable objects are the practice, teaching, training and research of dermatology.

The BAD is registered with the Information Commissioner’s Office – ZA150524 The Information Commissioner’s Office (ICO) is the independent supervisory authority set up to promote and oversee compliance with data protection legislation in the UK. On 25 May 2018, a new data protection regime came into force, through the General Data Protection Regulation (GDPR) and the Data Protection (Charges and Information) Regulations 2018 (the 2018 Regulations).

There are 6 lawful bases for processing and the BAD has identified (a) Consent and (b) Contract to be its lawful bases for processing personal data and will demonstrate compliance in line with Articles 5(2) and 24. As a not-for-profit association the BAD is entitled to process data “for the purposes of establishing or maintaining membership or support for a body or association not established or conducted for profit, or providing or administering activities for individuals who are members of the body or association or have regular contact with it.”

2. Your Personal Data

We collect “personal data”, which is information that identifies a living person, or which can be identified as relating to a living person. 3. Personal data we hold

3.1. Personal data you provide

We collect your data either when you register on the BAD website as a contact, apply for membership for the BAD or a Special Interest Group (see section 5) online, register for an event via our website or contact the BAD via email or telephone. By agreeing to become a member with the BAD you are entering a legitimate interest basis for data processing. We collect the following:

• Personal details such as name, gender, ethnicity, date of birth, email, home addresses, telephone number
• Professional details such as your job title, hospital address, private practice address, GMC number, GMC status, NTN number, CV
• Financial information such as direct debit details.

3.2. Personal data generated by your involvement with the BAD

• BAD membership details such as your membership category, subscription status, subscription history
• Tracked email correspondence with yourself is stored on your contact record on our database

3.3. BAD is joint controller of the BADBIR study data with the University of Manchester. For linkage to NHS Digital, legal basis for processing are confirmed as GDPR articles 6 (1) (e) and 9 (2) (j). Please note data resides at the University of Manchester.

4. How we use your personal data

4.1. General use and administration

We process your personal data to enable us to run our operations and manage our relationship with you effectively, lawfully and appropriately. We may use your information to:

• Process membership subscriptions
• Maintain and update our membership database accurately
• Send you communications that you have requested and that may be of interest to you via our monthly e-newsletter or ad hoc BAD Alerts. These relate to information about clinical practice but may include information about our campaigns or services.
• To send you the BJD and CED Journals
• Provide you with letters of good standing. We provide details of your membership status to the AAD and EADV if you request a Letter of Good Standing to be provided.
• Help us meet the aims and commitments as set out in our equality policy

5. Disclosing and sharing your personal data

We do not sell your information to third parties We do not share your information with third parties for marketing purposes.

5.1. Provide services

We do have third-party service providers working on our behalf. For the purposes of completing tasks and providing services to you, we may pass on your information to our third-party providers such as our direct debit providers, Dynamics 365 and CRM support partners, BACS, any mailshot partner, and journal providers. When we disclose your information to these providers, we ensure that only the necessary information needed to complete the service they are carrying out is disclosed. We have a contract with each third party that means they must keep your information secure.

5.2. Information for the general public

All consultant members (Ordinary and Honorary Working categories) have the option to be added to our service ‘Find a dermatologist’. This is a service featured on our website which allows members of the public to search for consultant dermatologists within a radius of a postcode search. To opt in or out of this service, please log in to your membership account dashboard on the BAD website to manage your preferences. Your name and main NHS hospital will be listed as standard. Should you want to add more details about yourself including links to up to three private practices you can do so by logging in to your membership account dashboard and updating your details.

5.3 Information for affiliated groups

The BAD administers the membership of a number of Special Interest Groups (SIG), including handling applications, subscription payments, general membership enquiries and data updates such as change of personal details. All data is stored on the BAD database. All applications for SIGs are made via the BAD website. The BAD shares your data with the SIG as part of the application process, as it is necessary for each SIG to review your application and offer approval so the BAD may process your application. Please refer to each SIG’s individual Privacy Policy for more detail on how they handle your data.

6. Data security

6.1. Protection

We employ a variety of physical and technical measures to protect the information we hold and to prevent unauthorised access to, or use or disclosure of, your personal data. Electronic data and databases are stored on secure computer systems, and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.

6.2. Payment security

All electronic forms that ask you for your financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers. If you use a payment card to pay for membership or to purchase something from us online, we will pass your payment card details securely to our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.

7. Storing your personal data

7.1. Where we store data

We are wholly based in the UK and store data within the European Economic Area.

7.2. Retention of your personal data

We will only retain your personal data for as long as it is required for the purposes for which we collected it (e.g. we have a genuine and legitimate reason and we’re not harming any of your rights and interests). We continually review what information we hold and will delete personal data which is no longer required.

8. Control of your personal data

8.1. Your rights

We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:

• the right to know whether we hold your personal data and, if we do so, to be sent a copy of the personal data that we hold about you (a “subject access request”) within one month;
• the right to have your personal data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
• the right to have inaccurate personal data rectified;
• (where technically feasible) the right to be given a copy of personal data that you have provided to us (and which we process automatically on the basis of your consent or the performance of a contract) in a common electronic format for your re-use.

There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.

8.2. Complaints

Should you have a complaint about how we have used (‘processed’) your personal data, you can complain to us directly by contacting our Data Protection Officer in the first instance. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk

9. Cookies

Our websites use local storage (such as cookies) in order to provide you with the best possible experience and to allow you to make use of certain functionality (such as being able to shop online). Further information can be found in our Cookies Policy at /cookies

9.1 Links to other sites

Our websites contain links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting admin@bad.org.uk. If a third-party website requests personal data from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by this privacy policy. We suggest you read the privacy notice of any other website before providing any personal information.

10. Changes to this privacy policy

This privacy policy is subject to amendment to ensure it remains up to date and reflects how and why we use your personal data. The latest version will always be visible on our website. Any questions regarding this privacy policy should be sent to the British Association of Dermatologists Data Protection Officer and CEO Simon Morrison simon@bad.org.uk

Cookies

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

We don’t have a cookie banner as we don’t have any cookies on our site that track or look to collect information such as IP addresses. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Most browsers also allow you to change your settings to let you refuse to accept cookies. For example, in Internet Explorer you can do this by going to ‘Tools’, ‘Internet options’, ‘Privacy’ and then select ‘Block all cookies’ with the sliding selector. You should be aware though that this may make it difficult for you to use certain websites, including this one. Some cookies are needed to simply allow the page to load properly so if you block all cookies, it may cause problems in accessing websites or seeing all of the content.

Furthermore, ‘do not track’ (DNT) is a feature that some browsers offer as a default choice. If you enable it then websites receive a signal requesting that your browsing isn’t tracked. This may be for third party ads or social networks, or possibly analytics companies. If you would like to opt-out of Google Analytics, you can download an opt-out browser add-on for to do this: https://tools.google.com/dlpage/gaoptout?hl=en.

You can also always delete any cookies stored on your computer.

The table below explains the cookies we use and why.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Most web browsers allow some control of most cookies through the browser settings. If you decline cookies, this may prevent you from taking full advantage of the website. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or allaboutcookies.org.

To opt-out of being tracked by Google Analytics across all websites visit tools.google.com/dlpage/gaoptout.