SRA Privacy Notice
22 October 2019
The Social Research Association (SRA) holds basic personal data that is provided to the organisation, in order to respond to requests to:
- Join the SRA or renew membership
- Register for an SRA event or training course
- Sign up to receive updates: newsletter, training, events, blogs, and other activities
Personal information held by the SRA
The online systems for people to register for training courses and events, to join the Association, and to sign up for mailing list updates, are self-service, with personal data entered online by an individual (or by someone acting on their behalf). This information is held in a secure database and includes:
- Membership registration data
Name, email, phone, street address, organisation name and type, and job title (where applicable), employment status and sector, region, membership fee.
- Data for registration for training courses and events
Name, email, phone, organisation name and job title (where applicable), region, ticket price, address for invoice (if relevant).
- Mailing lists data
First name, email, region.
People who pay for the above services (1 and 2) online with a credit/debit card are directed, following registration on the SRA site, to the website a reputable card payment provider, currently iATS. Card data and other information is processed by this supplier, via Netbanx. The personal information the SRA can access from these sources is that already supplied by the registrant via our website; together with the transaction date, a transaction code, and the last 4 digits of the card used. Any other card information is not known to, or held by, the SRA.
Why we need your data
The SRA needs to know this personal data in order to process and respond to the requests listed above and provide a service to you. Regional data is used for statistical purposes to monitor the regional impact of the organisation, and to ensure that mailings about localised events and courses are sent to the appropriate people. For members, employment status, organisation type, sector and region are aggregated and used for statistical reporting to trustees and others.
What we do with your data
All personal data we hold for membership is processed by our staff and contractors in the UK. When we send bulk emails to members, and to people who have signed up for mailing lists, their first name, region and email address are loaded to the website of a provider of bulk e-mailing services, via a secure login. The provider is 'Vertical Response' with servers in the USA; their privacy notice confirms that it has certified compliance with the EU-UK 'Privacy Shield' and so at the time of writing the use of their service is compliant with GDPR; however we will continue to monitor this. From November 2019 bulk emails will be sent only from within the CRM system, to members regarding their membership, and to people who have asked to receive updates. Member surves are currently processed by SDA; their privacy notice is here. No other third parties have access to your personal data unless the law allows them to do so.
We will not share your personal data with other organisations for marketing or similar purposes.
How long we keep your data
Membership data is held for up to 3 years after leaving the SRA. Basic personal data (name, address, contact details) and lists of attendees at events and training courses is held for at most 5 years. Data needed for accountancy purposes is held for 6 years.
If at any point you believe the information the SRA processes on you is incorrect, you can either correct it via your member login (for membership data), or request to see the information, and have it corrected or deleted, by writing to the SRA, c/o CILIP, 7 Ridgmount Street, London WC1E 7AE or by email: firstname.lastname@example.org
If you are not satisfied with the SRA’s response, or believe we are processing your personal data not in accordance with the law you can make a complaint to the Information Commissioner’s Office https://ico.org.uk/concerns/handling/