Privacy Policy

Who we are

The Healthcare Infection Society (HIS) is a registered charity (no.1158172) whose objectives are to advance knowledge of, foster scientific interest in, and disseminate information about the prevention and control of hospital and other healthcare-associated infections (HCAIs). We are a membership organisation, and our members are largely medical professionals who are consultant microbiologists, trainees and nurses based in hospitals. 

We run events, provide educational resources, offer grants and travel funding, produce clinical guidelines and publish the Journal of Hospital Infection. We are a Data Controller and a Data Processor.

Privacy

HIS is committed to protecting and respecting your privacy and complying with the General Data Protection Regulations (GDPR) 2018.

HIS takes your privacy seriously and we are committed to protecting your personal information. This policy sets out how HIS uses the information that you provide us with in order to help manage your membership, attendance at HIS events, article submissions and applications for our grants or roles within HIS.  

Submissions to the Journal of Hospital Infection are via Editorial Manager (http://www.editorialmanager.com/jhi/Default.aspx?pg=login.asp&username), a publishing system managed by Aries.  Authors submitting articles should familiarise themselves with the Aries Privacy Policy (https://www.ariessys.com/about/privacy-policy/. )

Our privacy commitment

We will:

  • Always hold your details securely, and only for a defined amount of time
  • Only share your information with the following suppliers, or when legally obliged to do so (for the purpose of fulfilling a contract we have with you, such as your membership, event attendance and JHI subscription):
  • Only contact you in the ways that you give us permission to do so, and we’ll make sure that everything we send to you is relevant to your membership, the JHI, and HIS activities
  • Adhere to your current communications preferences, and you can opt out at any time
  • Only analyse your data in order to communicate with you more effectively, better understand your preferences and our ability to support our work.
  • Make sure you’re in control of your information, and that you can ask us to stop using it whenever you chose. If you have any questions, would like to change your preferences or opt out of communications, please call 0207 713 0273
  • Not sell your data to any third parties, but we may sometimes share your information with trusted service providers as listed above. We ensure that any third parties with access to your data are held to strict standards for data use and security in accordance with GDPR.

 

Our Data protection officer can be contacted on 020 7713 0273

Your information – what we collect and how we use it

HIS collects information from individuals who make contact with us.  For example, we ask for contact and other information when a member joins the society, when event attendees register for an event, when authors submit an article to the JHI and when individuals apply for a grant or role.  We use this information to help us provide our services and to keep a record of our communications with you.

If you are a member or event attendee, we will ask for information that enables us to administer your membership or event payment.  This will normally include information such as your name, contact details such as address, email or telephone number and your payment details. 

We will contact you with information about your membership and our activities, and will ask for your consent to contact you regarding any communication that is not vital to the fulfilment of your membership or an activity for which you have signed up for. 

We will continue to ask about your marketing preferences, to ensure that you are still happy to be contacted by us and by which means. You can opt out of communications such as the monthly member electronic newsletter at any time by following an ‘opt out’ link at the bottom of these emails.

What the Law says about protection of personal information

The General Data Protection Regulation (the ‘GDPR’) became enforceable in May 2018. The GDPR states that personal data (information relating to a person that can be individually identified) can only be processed if there are legal grounds to do so. Activities such as collecting, storing and using personal information fall into the GDPR’s definition of processing. The GDPR provides six legal grounds (reasons) under which personal information can be processed (used) in a way that is lawful. For the processing to be permitted by law (lawful), at least one of the legal grounds must apply.

Lawful Processing

Within the GDPR, the six lawful bases for processing personal information are described in detail by the Information Commissioner’s (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/).  The four legal grounds under which HIS processes personal data are:

  • Consent
  • Legitimate Interest
  • Contract
  • Legal Obligation

HIS will always ensure at least one of the above legal grounds apply before collecting and processing your data.

How the law applies to HIS’s use of personal information

HIS will only process (use) your personal information if we have either:

  • Asked you if it is OK, and have a record of your express and recent consent for us to do so; or
  • Have a legitimate interest to do so in order to support our charitable purposes (for example, if you have reviewed a JHI article in the past, we will retain your information in perpertuity to allow us to ask you do so again (unless you explicitly ask us not to) because peer review is an essential component of the production of the JHI; or
  • A contract with you that we can only fulfil by using your personal information, e.g. to send you an item or information that is part of your membership or that you have requested (e.g. the JHI); or
  • A legal obligation to use or disclose information about you, e.g. we are required by law to keep records of financial transactions for 7 years; 
  • In addition, in extreme situations, such as an accident or medical emergency that may take place at a HIS event, we may share your personal details with the emergency services if it is essential for the preservation of life (yours or another persons’) for us to do so. This is the ‘vital interest’ ground for using your personal information. After the emergency, we will always try to inform you about how we had to use your information in that extreme situation.

We will not unduly prioritise our interests as a charity over your interests as an individual. We will always balance our interests with your rights. We will only use personal information in a way and for a purpose that you would reasonably expect in accordance with this Policy.

You can be assured that HIS will not rent, swap or sell your personal information to other organisations for them to use in their own marketing activities.

Consent

Where we have no legitimate interest or contract with you, HIS will only email you if we have an accurate record of your recent and freely given consent to do so. We will only telephone you if you have provided a telephone number, and only then if there is a problem with (for example) your membership application or renewal, or when you have asked us to telephone you. 

You can withdraw your consent at any time by contacting 0207 713 0273 or by emailing admin@his.org.uk

However, there are times when it is not practical to obtain and record consent. At those times, we will only process personal information if that processing would meet another legal ground e.g. legitimate interest, in which case we would only process in accordance with the law’s strict rules on legitimate interest processing.

What is Legitimate Interest?

This legal ground for processing means that HIS can process your personal information if we

1. have a genuine and legitimate reason for doing so and

2. are sure that use does not harm any of your rights and interests as an individual

HIS’s Legitimate Interest

We believe that the best way to look after the interests of individuals who engage with us is to consider their unique interests and expectations, and we have established the following categories to describe those who engage with HIS. This provides us with an additional method for assessing that we use your personal information in a way that matches your relationship with us; your interests; and your expectations about your rights.

The three categories for our data protection needs assessments are those individuals that have:

  1. Signed up for HIS membership, an event, submitted an article or a review to the JHI, or applied for a grant
  2. Demonstrated an interest in our work by contacting us for more information, e.g. to find out more about one of our events, join a committee, HIS grants or contribute to the JHI
  3. Job applicants, current and former HIS employees

 

What we have a Legitimate Interest to do

We believe that these three categories describe individuals who are connected to our mission, who want to know how they can engage or receive support from, and who would like to help us to achieve our charitable aims.

Unless individuals tell us not to, we keep and use individual's personal information for the following lengths of time.  We will not to keep personal information for longer than we specify below. This is not the length of time that we will continue to contact an individual – this could be a shorter period of time (see below for an explanation on our personalised approach to communications).

Membership of HIS

For individuals who have indicated an interest in HIS by becoming a member, we have a contract in place and need to keep your information to ensure that your membership is fulfilled.  If (for example) you decide to allow your membership to lapse, we will continue to contact you for a grace period of 56 days, after which you will be considered a Lapsed Member.  We will keep your information for a period of 3 years from when you lapse, to allow us to contact you as part of a lapsed member campaign as we feel that this is a legitimate interest. If you do not want to be contacted in this way, ask us to stop and we will do so.

Those who have demonstrated an interest in our activities

Event attendees

We will retain your information for a period of 5 years as we may run similar events to the one which you attended, and would like to tell you about the event, or for the purposes of offering you membership so that you can attend future HIS events at a reduced rate.  During registration for events we ask your explicit consent to do this.  You will need to opt in to allow us to contact you in this way.

Grant applicants

We will keep your information for a period of 2 years if you applied for a grant and were unsuccessful.  We do this in order to be able to alert you if there are calls for research proposals relevant to you as we feel that this is a legitimate interest.

If you were successful, we will keep your information in perpetuity, for the purposes of tracking the long-term impact of grant funding as we feel that this is a legitimate interest.  We will only contact you with enquires specific to your grant award.

JHI authors and reviewers

We will keep author and reviewer information in perpetuity for the purposes of dispute resolution as we feel that this is a legitimate interest.  We will not share your information with anyone who contacts us for this purpose. 

As a submitting author, you will only receive emails relevant to your submitted manuscript. You will not be added to our reviewer database. As a reviewer, we may contact you to request a review for new manuscripts relevant to the classifications you have selected in our database.

Job applicants, current and former HIS employees

All of the information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.

The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.

If you apply for a role and are unsuccessful, we will retain your information for 6 months.

If you are employed as a member of staff, we will securely retain your information for 10 years post your employment.  This is so that we are able to provide employment references on request and also proof of your earnings if we are required to by law.

Legitimate Interest to send you direct mail

We do not routinely send direct (postal) mail unless we have a contract to do so.  Unless you tell us not to, we will rely on our legitimate interest ground (explained above) for sending you direct (postal) mail.

We are always mindful of trying to only send you what you are interested in, and only as often as is appropriate. If we do not appear to be sending communications that are of interest, we will review this and will endeavour to reduce and then stop these types of communications. Please contact us to change your preferences at any time via admin@his.org.uk

Data Analysis

In order to communicate with you more effectively, better understand your preferences and ability to support our work, we may analyse your data.

We like to find out about your personal motivation for engaging with HIS and your experiences when you do so.  This helps us to give you the information about our activities most relevant to you.  In some instances, we may carry out research and/or analysis of the personal information that you have provided to us and add publicly available information (such as public records or social media) to help us tailor our communications to you.

Data Sharing

To help us provide services we use trusted service providers as follows:

who we insist also process data in compliance with GDPR.

HIS do not share, sell or swap your information with other organisations for their own marketing.

In some circumstances it is necessary for HIS to give relevant staff at our service providers access to your personal information.  This access is only granted to the extent necessary for them to perform their services for us. We require all service providers to comply with GDPR and the strict rules to protect the information you have given us.

Changes to your data

From time to time we may contact you to ensure that the information you have provided us with remains accurate and up to date. 

Like all organisations, we comply with requests for the disclosure of personal information where this is required or permitted by law.  This could include requests from law enforcement or tax agencies. In these circumstances, the request must be submitted in writing and in accordance with the relevant legal requirements.

Cookies and Web Privacy

The collection of information

Every time you log on to our website your IP (Internet Protocol) address registers on our servers. Your IP address reveals no information other than the number assigned to you. We do not use this technology to get any personal data against your knowledge or free will (i.e. we do not automatically record e-mail addresses of visitors). Nor do we use it for any purpose other than to help us monitor traffic on our website, or (in case of criminal activity or misuse of our information) to cooperate with law enforcement.

Cookies

We use a number of different cookies on our site. If you do not know what cookies are, or how to control or delete them, then we recommend you visit http://www.aboutcookies.org for detailed guidance.

The list below describe the cookies we use on this site and what we use them for. Currently we operate an ‘implied consent' policy which means that we assume you are happy with this usage. If you are not happy, then you should either not use this site, or you should delete the cookies having visited the site, or you should browse the site using your browser's anonymous usage setting (called "Incognito" in Chrome, "InPrivate" for Internet Explorer, "Private Browsing" in Firefox and Safari etc.)

First Party Cookies

These are cookies that are set by this website directly.

Google Analytics: We use Google Analytics to collect information about visitor behaviour on our website. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. This Analytics data is collected via a JavaScript tag in the pages of our site and is not tied to personally identifiable information. We therefore do not collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.

Third Party Cookies

These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by LinkedIn, Twitter, Facebook, Google+ and Pinterest. In order to implement these buttons, and connect them to the relevant social networks and external sites, there are scripts from domains outside of our website. You should be aware that these sites are likely to be collecting information about what you are doing all around the internet, including on this website.

You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website.

Emails

Some emails that we send you have no tracking in at all e.g. service emails with invoices attached. Other emails we send we can track, at an individual level, whether the user has opened and clicked on the email. We do not use this information at a personal level, rather we use it to understand open and click rates on our emails to try and improve them. If you want to be sure that none of your email activity is tracked then you should opt out of our emails which you can do via the unsubscribe link at the bottom of every group email we send.

Storing your Data and Web Security

We ensure that there are appropriate technical controls in place to protect your personal details.  For example our online forms are always encrypted and our network is protected and routinely monitored.

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff. 

Financial transactions made online to HIS using this site are secure.  No one can access your credit card details via the internet.

How our website works

When you have completed your membership or event registration payment, your web browser will be connected directly to a secure server.  You can see that the connection is secure by looking at the padlock or key icon of your browser.  Your browser may also alert you to the fact that you are connecting to a secure server, and if so, it will also tell you when you are closing the secure connection once you have made a payment.  This is for your information only.

Our secure server communicates with your browser using SSL (Secure Sockets Layer) protocols, so that all your personal information, including credit card number and your name and address, is encrypted.  This process takes the words and figures you enter, and converts them into bits of code that are then securely transmitted over the internet.

Information

You may print any factsheet on this site for your own information but you may NOT sell it, reproduce it on the Internet, distribute it, alter it, or reprint it in any publication without permission from the HIS Information Office.  Your journal subscription is an individual subscription for your use only, and you may not share it with others.

Please note that all material on this website is the copyright of HIS or third parties. You may print any HIS factsheet on this site for your personal use, private study or for teaching purposes in schools colleges, hospitals or universities provided all material is marked "By kind permission of HIS" and the material cannot be adapted for use in any other publication, used for profit or used in any way that will bring the charity into disrepute.

The use of the name and logo of HIS is permitted for private study or teaching purposes as stated above. If you are unsure what material you can or cannot use please contact 0207 713 0273.

Photography

All photography on this site is reproduced with kind permission of the photographers concerned, or under licence.  You may not use any image on this website without permission.

This information was last updated in April 2018. From time to time, we will make changes to the information on this page. The amended information will apply from the date it is posted on the site and will govern the way in which we collect and use personal information from then on.

Where we store your personal data

The data that we collect from you is obtained, processed, stored and transmitted in compliance with data protection legislation including the GDPR. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. Once we have received your information, we will use appropriate procedures and security features to try to prevent unauthorised access.

Disclosure of your information

You have the right to ask us not to process or retain your personal data for any purpose. 

Access to information

The GDPR gives you the right to access information held about you. Your right of access can be exercised in accordance with the GDPR. We may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive. We may also charge a reasonable fee to comply with requests for further copies of the same information.

If you would like to access your information, please write to us at this address

Data Protection Officer

The Healthcare Infection Society (HIS)

162 King's Cross Road

London WC1X 9DH

admin@his.org.uk

0207 713 0273

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to admin@his.org.uk