GDPR is short for the General Data Protection Regulation that goes into effect on May 25, 2018. It was passed by the European lawmakers to create a harmonized data privacy law across all the EU member states. Its purpose is to:
- support privacy as a fundamental human right;
- require companies that handle personal data to be accountable for managing that data appropriately; and
- give individuals rights over how their personal data is processed or otherwise used.
How data is collected and used
The SRS exists to support you in your advancement of radiopharmaceutical sciences and your career. We collect or record basic personal information (e.g., name, e-mail address, mailing address, phone number) which is voluntarily provided through our online database, through the electronic mail or through other means of communication between you and us. We have no intention to collect more information than what we need to effectively serve you.
All member data is used to serve members: including access to online and print versions of journals and notifying them of meetings, employment opportunities, election processes, modifications to our website, or other services that they either expect or may benefit from. We will not make member information available to corporate partners or other organizations marketing intent without the member’s explicit consent (e.g. through a meeting registration check-box that enables members to permit or refuse consent).
The SRS also possesses and processes non-member data. When this data is less than three years old, we will use this to contact them regarding meeting notifications, modifications to our website or to provide any information that we genuinely feel will be useful for them. When this data is more than three years old, we will seek consent to continue communication. Additionally, non-member data will not be made available to corporate partners without the non-member’s explicit consent (e.g. through a meeting registration check-box that enables non-members to permit or refuse consent).
Cookies are files with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive. Like many websites, our membership database uses "cookies" to collect information and verify that you are a member. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use the “Members Only” portion of our website.
Like many websites, we also collect very limited and anonymous information that your browser sends whenever you visit our site ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our site that you visit, the time and date of your visit, the time spent on those pages, and other statistics. In addition, we use our web host’s service called Squarespace Analytics to collect, monitor and analyze data like most popular content, referring sites, platforms and page views in order to provide you with an improved website and member experience. To reiterate: this data is anonymous.
Individual rights under the European Union’s General Data Protection Regulation (GDPR)
There are several rights an individual may exercise under the GDPR, including:
- Right of access: Individuals can ask for a copy of the personal data retained about them and an explanation of how it is being used.
- Right to rectification: Individuals have the right to correct, revise or remove any of the personal data retained about them at any time.
- Right of erasure: Individuals can ask to have their personal data deleted.
- Right to restrict processing: If an individual believes, for example, that their personal data is inaccurate or collected unlawfully, the individual may request limited use of their personal data.
- Right to object: When an individual decides that they no longer wish to allow their personal data to be included in analytics or to receive direct marketing emails or other personalized (targeted) marketing content at any time, the individual may opt out of use of their data for these purposes.
The SRS acknowledges and supports each of these rights.
Third-party data processors
The SRS uses third-party processors to communicate with and serve members and non-members. These include, but are not limited to, 123signup (our current membership management software/service), Elsevier (journal publisher) and Constant Contact (used for sending email blasts). Each of these processors has indicated their willingness to comply with the GDPR and other recognized guidelines in their roles as data processors on behalf of the SRS.
Each processor and the SRS make use of advanced technology like encryption keys as well as the employment of industry-standard measures and processes for detecting and responding to inappropriate attempts to breach their systems.
Data protection officer
Though the SRS does not make data processing a core part of our business, and we—therefore—do not believe we have to designate a data protection officer (DPO), our Executive Director, Charles Metzger, is our appointed DPO. Should you have any questions, complaints or needs, please contact him via email (firstname.lastname@example.org), phone (+1-830-370-6554) or mail (SRS, 223 Green Oaks Loop, Fredericksburg, TX 78624-4576 USA).