Privacy and data protection policy
Our goal is to make sure that we meet the requirements of the EU General Data Protection Regulation (GDPR) by complying with the six principles it outlines for the processing of personal data, namely that this shall be:
Processed lawfully, fairly and transparently;
Collected only for specific legitimate purposes;
Adequate, relevant and limited to what is necessary;
Accurate and kept up to date;
Stored only as long as is necessary;
Processed with appropriate security, integrity and confidentiality.
The Open University Psychological Society (OUPS) is the 'Controller' of the personal data you give us. This means that we use it to provide you with specified services and are responsible for using it in accordance with these principles.
The information we need from you
The information we need to provide you with the services we offer includes your name, address and email address. It may also include details of any additional needs you have such as medical, dietary or mobility requirements that we need to take into account when organising your attendance at one of our events.
OUPS only collects the minimum amount of information required to transact fully with our customers, both OUPS members and non-members.
Why we need it
We need to know your basic personal data in order to contact you if we need to make any changes to events that you have booked or to send newsletters by post for example. We also use anonymised information, for example we use postcodes without any associated name or address information to help us assess potential event venues.
We do not provide any information to third parties except where we are required to by law, for example we often provide lists of attendees to venue staff at our events that can be used to check that buildings are completely evacuated in emergency situations, and we share information about delegates' additional needs with authorised staff so that we can ensure that these are correctly met.
You can configure your browser settings to prevent the storage of this information if you choose to, although the OUPS website may not then work as you expect it to. If you want to learn more about the general uses of cookies, including how to stop them being stored by your computer, please visit Cookiepedia - all about cookies.
We use two types of cookies on the OUPS website:
Strictly Necessary Cookies
These cookies are necessary for the website to function. They are usually only set in response to actions made by you which amount to a request for services, such as logging in or filling in forms. You can set your browser to block or alert you to these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All the information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Where we keep it
All the personal data we process is processed by our staff in the UK.
For the purposes of IT hosting and maintenance this information is located on servers both within the European Union, and in the U.S. where we have confirmed that our hosting providers are compliant with the GDPR requirements.
Information is allowed to be stored only on OUPS central servers or those hosted by 3rd party service providers with whom OUPS has established a contract. Officers or other representatives of OUPS may not create separate stores of personal data with the written approval of the OUPS committee.
How long we keep it
We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years if it is related to a transaction with us such as an event booking or a membership renewal. Information that only relates to transactions older than this is routinely destroyed.
The information you give us for the purpose of informing you about our events (name, email address, mailing preferences) is stored until you unsubscribe from our mailing list. We maintain a single central mailing list for marketing purposes, and you can change all your mailing preferences by clicking on the links at the bottom of OUPS marketing emails.
What we would also like to do with it
We would like to use your name and email address to inform you of our future events and similar products. You can give us this permission by visiting our mailing list and selecting the topics that you would like us to tell you about. This information is not shared with third parties and you can unsubscribe at any time by clicking the "Update your preferences" and "Unsubscribe from this list" links that appear at the bottom of all of our event-related mailings.
We will also contact you for administrative reasons, including addressing issues such as payment problems or to let you know of any changes related to your transactions (for example if your membership has expired).
Currency of information
We only store personal information that you give us, and do not contact you to keep this information up-to-date, but you can update your details at any time by logging in to the OUPS website and selecting the "My account" menu item, and via the "Update your preferences" link that is displayed on our emails.
Payment Card information
We do not collect or store any payment card information on our online systems. The details you enter are sent from your device (laptop, tablet, mobile phone) to our card processing partner, who then notifies us of the status of your payment. They do not pass through our systems.
Purchases using payment cards may also be made by placing an online order and then calling our Business Administrator to complete the transaction by phone. We do not retain payment card details once your card issuer has authorised your payment request.
OUPS is a Payment Card Industry Data Security Standard (PCI DSS) compliant merchant, assessed and validated annually by SecurityMetrics.
We treat data security very seriously. The operating systems and system software for all systems holding personal data are maintained at no less than the latest released version minus 1, unless critical security patches are released. These are tested and installed as quickly as possible.
The connection between your browser and our website is securely encrypted to prevent information that you enter on our website from being intercepted by third parties.
Data Compliance Officer
OUPS has a nominated Data Compliance Officer (DCO) who is responsible for data protection compliance and who acts as the main contact for all data protection issues. The responsibilities of this post also include ensuring that all staff are made aware of good practice in data protection and advising them if they have any related queries in respect of our data protection obligations and processes.
The DCO also handles external queries about data protection and regularly reviews data protection procedures and guidelines within the organisation to make sure we are maintaining a position in line with current legislation. All queries regarding OUPS and data protection can be directed to firstname.lastname@example.org.
What are your rights?
You can ask to see all the information that OUPS holds about you online under the "My account" menu item on the website, and via the "Update your preferences" link on our mailings. If you find incorrect information you can change it or ask for it to be corrected or deleted by contacting our Data Compliance Officer.
OUPS is a registered charity (No. 282744) and a member of the Fundraising Preference Service. You can choose to register with the FPS to let us know that you do not wish to receive any email, telephone, post and/or text messages from us.
If you wish to raise a complaint regarding the handling of your personal data by OUPS please contact our Data Compliance Officer who will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law you can complain to the Information Commissioner's Office (ICO).
This policy describes how we collect and use personal data.