SRA Privacy Notice
14 May 2018
The Social Research Association (SRA) holds basic personal data that is provided to the organisation, in order to respond to requests to:
- Join the SRA or renew membership
- Register for an SRA event or training course
- Sign up to receive job vacancy alerts, or updates about courses and events
Personal information held by the SRA
The online systems for people to register for training courses and events, to join the Association, and to sign up for mailing list updates, are self-service, with personal data entered online by an individual (or by someone acting on their behalf). This information is held in a secure database and includes:
- Membership registration data
Name, email, phone, street address, organisation name and type, and job title (where applicable), employment status and sector, region, membership fee.
- Data for registration for training courses and events
Name, email, phone, organisation name and job title (where applicable), region, ticket price, address for invoice (if relevant).
- Mailing lists data
First name, email, region.
People who pay for the above services (1 and 2) online with a credit/debit card are directed, following registration on the SRA site, to the website of a reputable card payment supplier, currently either Worldpay or PayPal. Card data and other information is processed by those suppliers. The only personal information the SRA receives from payment suppliers is a confirmation of the name, email address, and the amount paid (together with the date and a unique transaction code). Card information is not known to, or held by, the SRA.
Why we need your data
The SRA needs to know this personal data in order to process and respond to the above requests and provide a service to you. Regional data is used for statistical purposes to monitor the regional impact of the organisation, and to ensure that mailings about localised events and courses are sent to the appropriate people. For members, employment status, organisation type, sector and region are aggregated and used for statistical reporting to trustees and others.
What we do with your data
All personal data we hold for membership is processed by our staff and contractors in the UK. When we send bulk emails to members, and to people who have signed up for mailing lists, their first name, region and email address are loaded to the website of a provider of bulk e-mailing services, via a secure login. The provider is 'Vertical Response' with servers in the USA; their privacy notice confirms that it has certified compliance with the EU-UK 'Privacy Shield' and so at the time of writing the use of their service is compliant with GDPR; however we will continue to monitor this. No other third parties have access to your personal data unless the law allows them to do so.
We will not share your personal data with other organisations for marketing or similar purposes.
How long we keep your data
Membership data is held for up to 3 years after leaving the SRA. Basic personal data (name, address, contact details) and lists of attendees at events and training courses are held for at most 5 years. Data needed for accountancy purposes is held for 6 years.
If at any point you believe the information the SRA processes on you is incorrect, you can either correct it via your member login (for membership data), or request to see the information, and have it corrected or deleted, by writing to the SRA, c/o Nuffield Foundation, 28 Bedford Square, London WC1B 3JS or by email: firstname.lastname@example.org
If you are not satisfied with the SRA’s response, or believe we are not processing your personal data in accordance with the law, you can make a complaint to the Information Commissioner’s Office: https://ico.org.uk/concerns/handling/