CSAR Privacy Policy

Introduction

The purpose of this privacy policy is to explain to users how Cambridge Society for the Application of Research (CSAR) complies with the GDPR regulations and other legislation and guidance on information governance.

CSAR will hold personal details supplied by individuals for one or more of these three reasons only:

  1. The individual has applied to become a member of CSAR or is a current or former member. Membership entitles individuals to attend CSAR lectures and other events.
  2. The individual has applied to buy a ticket to a CSAR visit
  3. The individual has applied to the CSAR PhD Student Awards or is a previous applicant.

By applying for membership, or to buy a visit ticket, or for the CSAR PhD Student Awards, an individual provides their consent to CSAR holding their data for the relevant purpose.

Where an individual has applied for a Family membership, that individual is asked to confirm that he/she has obtained consent for all members of the family identified on the membership application form.

CSAR does not hold data on individuals provided by third parties.

Subject access requests

Individuals wishing to make a subject access request are asked to contact info@csar.org.uk

Membership data

Membership data is held securely in a platform provided by www.membermojo.co.uk, for which the security details can be seen below.

CSAR does not export data on individuals to third parties (other than to www.membermojo.co.uk for the purposes of administering its membership system).

CSAR holds data in both cases for five years in order to be able to demonstrate to the charity, tax and other authorities that the charity is properly governed. After that period, the data is deleted.

Members can see and amend their data using the "Update Details" button at the top of the page.

Members can chose to be emailed for two optional purposes:

  • To receive notification of future events
  • To be invited to provide feedback on events that have taken place

On joining, the first is opted in by default, the second is opted out. Members can change this when they join, or subsequently change their preferences using the "Update Details" button at the top of the page.

Members are not able to opt out of receiving emails that relate to the administration of their membership e.g. notification of the expiry of their membership, or notification of the Annual General Meeting of the charity.

Members or former members can apply to have their data erased five years after leaving CSAR.

Membermojo information governance

membermojo provides online membership services for organisations.

In data protection terms we are the data processor for your organisation member data, and your organisation is the data controller. (ICO key definitions)

We provide the tools and controls that help implement your organisation's GDPR compliant privacy policy for managing personal member data.

This includes:

  • What personal data is stored - you define the personal data (membership form) that needs to be held for your organisation.
  • Gaining consent - your form can include 'accept terms' fields that must be ticked before the form completes. We store the date that the application, and therefore the consent, was completed.
  • Where data is stored - all servers and backups are hosted in secure UK facilities.
  • How data is protected - we provide security and access controls for your member data.
  • How long data is kept for - you define how long personal data is retained and we automate the deletion.

We also provide functions that assist members and administrators to exercise individual rights under GDPR.

  • Right to access - members can sign in to view their own personal data.
  • Right to rectification - members can sign in and amend their own personal data.
  • Right to Erasure - administrators can securely delete personal data for members requesting their data be erased. Erasing a member will remove their member record and anonymise any activity, attendance and (optionally) payment records.

Related topics:

More details on data protection principles and GDPR can be found on the Information Commissioners Office (ICO) website.

Visit or lecture ticket data

CSAR members seeking to buy a ticket for a CSAR visit or ticketed lecture do so through the www.eventbrite.co.uk platform.

Eventbrite’s privacy policy can be seen here https://www.eventbrite.com/support/articles/en_US/Troubleshooting/eventbrite-eu-data-protection

The only data held by Eventbrite on behalf of CSAR is that provided by the ticket purchaser during the transaction.

CSAR PhD Awards data

CSAR PhD Awards data is held in a Google Drive with dual factor authentication. Data is held for five years, after which it is deleted.

Last revised 21 July 2022

News

7th Dec 2023

Dr. Carol Ibe (2019 CSAR Student Award winner )

2nd Sep 2023

Smart rugby ball used in Six Nations 2023