How we use your information

Privacy Notice

May 2018

This Privacy Notice sets out the obligation regarding protection and the rights of members in respect of their personal data under the new EU General Data Protection Regulation (GDPR). This applies to the information we hold in our database and extends to the information we collect from visitors to this website, and those who log in to this website.

The new EU General Data Protection Regulation defines personal data as any information pertaining to a ‘natural person’ – an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This privacy notice sets out British Orthodontic Society’s (BOS) obligations regarding the collection, processing, transfer, storage and disposal of personal data. The procedures set out must be followed at all times by the Society, its employees and other parties working with the Society or on behalf of the Society. British Orthodontic Society is committed to complying with the law and places high importance on the correct and lawful handling of personal data.

Who We Are

British Orthodontic Society (Registered Charity No. 1073464) whose registered address is 12 Bridewell Place, London EC4V 6AP. British Orthodontic Society is a Company Limited by Guarantee Registered in England and Wales, Company No. 03695486.

Your Privacy Rights

As a member, you have the right to object to how we process your personal data; you can request to see what personal data we hold about you on our database, ask us to correct inaccuracies, delete, or restrict personal data; You can also ask us to provide your personal data to a third party such as ‘Find treatment’ where practice details are shared to the general public on our BOS website: www.bos.org.uk For members who register to use our online facilities, you can make changes to your personal data yourself by logging in on the membership portal; you also have the option to delete all your personal data from our website. Alternatively, you can contact us in writing via email or letter and ask to have your data deleted from our database. We then have a timescale of one month to respond to your request, we envisage to handle requests in a timely manner.

How we use your information

Information you voluntarily provide to us: When you apply for membership of the British Orthodontic Society, you are voluntarily giving us information that we collect for the purpose of handling new membership enquiries, for the purpose of contracting for and providing services for members, for the setup, maintenance and updating of the BOS account (including data from events), for the account management and access control and for providing data at the time of registration. This information may include one or more of the followings; salutation, first name, last name, sex, gender, date of birth, qualifications, nationality, address, country, e-mail address, mobile phone number), Members data related to the registration for, participation in and holding of the respective event (event data), such as events for which a person has registered.

Information you automatically provide to us: When you become a member British Orthodontic Society, you will receive our quarterly Journal of Orthodontics in the post. A mailing list of correspondence addresses is generated and supplied to the publishers of the Journal; that is the only occasion we would share your personal data such as your name and address after which it is destroyed. The British Orthodontic Society also supplies information, specifically name, email and GDC number, to the organisation (currently the Royal College of Surgeons of Edinburgh) for the purpose of sending an invitation to access the VLE/CPD information of the BOS VLE site and to the supplier of the BOS core CPD membership benefit. In line with the GDPR we will always seek your permission before sharing your personal information, other than for the above purposes. Your details will never be passed on to a third party except where you have opted in to the ‘Find treatment service’ or you have provided practice information to us.

How we store your information

Members personal data will be processed and stored on an electronic and paper database, our electronic database is a password protected software; we also keep the hard copies of membership forms in securely locked filing cabinets. British Orthodontic Society only grant employees access to the membership database for Society/orthodontic related purposes. As a membership organisation we store your personal data to keep you abreast with general BOS information and updates, information on BOS courses and events, questionnaires and surveys from the BOS approved by the BOS Audit Committee pertaining to British Orthodontic Society. This data will only be used to send NON BOS information if you have specifically opted in to receive it.

Disposal of Data

The BOS accounts are kept indefinitely. If a member terminates membership, all data in the BOS are deleted except for the person’s master data in the BOS (DSID, first name, last name, sex, date of birth, birth year, nationality). The master data are likewise deleted ten years after the termination of membership. Following the new GDPR laws effective May 2018, members have a right to erasure, also known as ‘the right to be forgotten’ : this is where members can request to have all data deleted from the database. Personal data of deceased members is deleted almost immediately after BOS are made of the death as there is no longer any need to keep data for any reason.

Privacy Note – Cookies

Website

When someone visits this website, we collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. We collect this information in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting this website. We will not associate any data gathered from this site with any personally identifying information from any source. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

Use of cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

The table below explains the cookies we use and why. Each cookie is listed by name, along with the following information:

Cookie Name

Cookie name note, if required

What is it for?

A brief description of what the cookie is used for.

How long does it last?

A cookie can either be deleted after a predetermined timespan, or as soon as the user’s session ends. A session is deemed as ending when the user closes his or her browser.

What’s the implication for site behaviour?

How would the site visitor’s experience change in the absence of this cookie?

Cookie name

What is it for?

How long does it last?

What’s the implication for site behaviour?

_utma
_utmb
_utmc
_utmz
These cookies are used to collect information about how visitors use our site, using a service called Google Analytics. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where vistors have come to the site from and the pages they visited. Session, 30 minutes, 6 months or 2 years, depending on the cookie name Without this, we will not be able to track the number of visitors to different parts of the website.
0-AuthenticationToken A random selection of letters and numbers agreed by prior calls between a third-party authentication system and the website to allow single-sign-on between different systems when configured. Session. Without this, the current user cannot be identified on the website, so signing in, purchasing items, My Profile, polls, and all other personalised sections of the site will stop working. This cookie is essential when a user signs in.
0-AuthSession-X. Where X is the ID of a page that has page-level authentication opt-in enabled. Contains the value “1” if a user has opted-in to access a page with page-level session opt-in enabled. Session. Without this cookie, page-level opt-in will not function.
0-Cubik.Forms.DefaultValue.X.Y. Where X is either “S” or “M” and where Y is the name of a field on a form Contains a value that will be shown as the default value in a question on a form. Allows third-party code to set form defaults. Session. If this cookie is not used, then default values cannot be set by any third-party system that is setting default values on forms in your site.
0-MetaDataSearch_X_Y. Where X is the name of a metadata search page, and Y is the unique ID of the current user. Contains the term that the user used to perform a metadata document search. Session. Without this cookie, document metadata searches will not work properly on the site.
0-ReadSearchDefinition The word “True” to record that the user needs to see the User Search form when on User Administration parts of the site. The word “False” is used to tell the system to hide the search form. Session. The user experience when searching for users is much degraded.
0-SessionID Used to track the user’s settings for their current browsing session. Typical content: randomly generated letters and text. Nothing in this cookie can be used to access a user’s private information. Session. Many site functions require this value.
0-sessionStartTime Holds the date and time that the current session started and is used by the pop-up survey function to display a survey a set number of minutes following the user arriving at the site. Session. If not used, then the pop-up survey feature will not function.
0-ShoppingBasketID A 32-digit randomly-generated number that identifies the shopping basket of the current customer. Session. Without this cookie, the user’s shopping basket will not be able to hold the contents of the user’s basket.
0-SortDirection Contains whether the search column is being sorted in “ASC”ending or “DESC”ending order. Session. No. Although without it, the sort order of search columns will not be remembered and this function will not work.
0-SortExpression Contains the name of the column on the User Search Results part of User Administration that is being used to sort the search results. Session. Without this cookie, the User Search Results table will not be sortable.
0-ssi A unique identifier to determine the current user of the website, randomly generated when the user signs in. Session. Without this cookie, then certain user functions will not work.
0-UserCanModifySite The word “True” if the current user is allowed to modify the site. Session. Certain functionality is turned on or off based on this value.
0-UsernameAlias Contains an alias name used by a user on the discussion forums. Session. If you use the alias function of the discussion forums, then it is needed.
1-SessionID Used to track whether the user is signed in. Typical content: randomly generated letters and text. Session. Without this cookie, then certain user functions will not work.
CMSAUTHTOKEN When you access the site, this cookie is set and is fundamental to site use. Session. Without this cookie, the site will not work.
CurrentLayout A single-digit number that represents the current ‘viewing option’ being used by the website visitor. Session. If you want your users to be able to use the Viewing Options accessibility features of your site, then it is needed.
ebdsFormAuthentication Encrypted value that identifies the current authenticated user within the system. Session. Without this cookie, then certain user functions will not work.
FormSubmission-{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} Where XX is the unique id of a web form page on your website. Name only (holds no value) if a form has been set up to only allow a single submission, this cookie remembers that the user has submitted the form. 5 years. If you want to use the ‘single submission only’ feature of the Web Form template, then it is needed.
ForumDisplayMode The word “Threaded” or “Flat” to determine the format that the user has selected to view discussion forums in. 1 year. Without this cookie, the display choice of the user will not be remembered.
username_XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX Where XX is the unique identification number of a website. Used to remember a user’s username if the user selects the ‘Remember my Username’ box on the sign in screen of a site. 1 year. Without this cookie, the ‘remember my username’ feature will not work.
WebPoll-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Where XX is the unique ID of a poll on your website. Name only (holds no value) if the user has voted on a poll. On the date entered by the author as the end date of the poll. Without this cookie, non-signed-in users will be able to vote multiple times on a poll.
X-UserSearchDefinition Where X is a single digit number from 0 to 9. Contains information entered by the user on the User Administration user search page. This allows the user to navigate elsewhere on the site and to return to the correct user search results. Session. Without this cookie, the search results will not be shown when the user returns to the search form.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXVisited. Where XX is the unique id of a web form survey page on your website. The word “true” to record that the user has completed a pop-up survey and to ensure that the survey does not get redisplayed to the user. 100 years. Without this cookie, the popup survey will not be able to remember that it has been shown, and will continue to be shown to the user.