On some of the Society web pages, you can request information and order products. To complete a transaction the type of information we need from you are name, contact, delivery and billing information as well as credit card information.
In order to tailor our subsequent communications to you and continually improve our services to you we may ask you to provide voluntary information such as professional interests, experience with products or contact preferences.
Uses of Data
The Society primarily uses your information to help us complete your transactions or requests, and to communicate back to you. We may also use information to personalise sections of the website based on your profile, and for internal analysis to gain a better understanding of your needs.
From time to time, we may also use your information to contact you for market research or to provide you with information that we feel may be useful to you. We may also pass on your details to third parties who may contact you with relevant information. You will always be given the opportunity to opt out of marketing and survey contact from us and third parties.
We will not sell, rent or disclose your personally identifiable information without your permission or unless we are required by law.
If you have opted out of direct mail or market research contact, your personal data will only be used within the Society, its subsidiaries and business partners who are acting on our behalf for fulfilment of a service.
Access to Member Resources
Access to member resources is only available to members of The British Psychological Society and authorised subscribers.
For validation purposes and your convenience some of your personal details are retained online. These details are secure and should only be available to you. If you are concerned that someone may be gaining unauthorised access to the member resources using your account please email firstname.lastname@example.org
so we can take the necessary action.
A cookie is a piece of data stored on your hard drive containing limited information about you. Usage of a cookie is in no way linked to any personally identifiable information whilst on our site. Once you close your browser, the cookie simply terminates. Cookies are helpful in many ways (for example, you will not have to enter a password more than once thereby saving time while on our site). They also keep track of the contents of your shopping basket and enable us to track and target your interests to enhance the experience on our site.
We use IP (Internet Protocol) addresses to analyse trends, administer the site, track user’s movements and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information. We may also gather information about your web browser and computer operating system. This type of logging is in no way harmful, and we never gain direct access to your hard drive. This site never automatically logs your email address.
This website takes every precaution to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Capturing of Confidential Information Online
When our order form asks you to enter sensitive information (such as a credit card number), it is encrypted and is protected with the best encryption software in the industry - SSL (Secure Socket Layer). While on a secure page, such as our order form, the lock icon on the bottom of the web browser (e.g. Internet Explorer, FireFox or Safari) becomes locked, as opposed to unlocked, or open, when you are just 'surfing'. Your personal information is never transmitted via email and is never viewed or transmitted unencrypted. To learn more about SSL, please visit www.thawte.com
Use of email forms such as site feedback and request for further information
These email forms are not secure (i.e. they are not protected by SSL). Once submitted this type of form is transmitted unencrypted via email directly to our offices. Any personal information sent via these forms (such as address or credit card details) is done so entirely at your own risk. We cannot be responsible for any personal information sent by email.
Back office procedures
While we use SSL encryption to protect sensitive information online we also do everything in our power to protect your information off-line. All of your information, not just the sensitive information mentioned above, is restricted to our offices and our business partners who are bound by a confidentiality agreement. Only employees who need the information to perform a specific job (for example, accounts or membership services) are granted access to personally identifiable information. Our employees have been educated to password protect (i.e. ‘lock’) their workstation when they leave their desks. The office-based servers that we store personally identifiable information are kept in a locked room and are protected from external intrusion. A reliable Internet Service Provider (ISP) hosts our websites in the United Kingdom. The ISP ensures that the server is kept in a locked cage and protected by high-end security systems.
If you have any questions or concerns about the security of our website, please email email@example.com
Guide to Data Protection
The Data Protection Act 1984 was replaced on the 1 March 2000 by the Data Protection Act 1998 with transitional arrangements for existing processes until the 24 October 2001.
The Data Protection Act 1988 places a number of responsibilities upon people and organisations who use personal information and gives rights to individuals to control the use of their personal data and to obtain a copy of it. In particular the Act sets out a number of principles, described below) that govern how information is obtained, stored, and disclosed.
Data must be (the Eight Principles):
- fairly and lawfully processed;
- only obtained for one or more specified lawful purposes, and processed only for those purposes;
- only held if it is relevant and not excessive for any particular purpose;
- must be accurate and kept up to date;
- not kept for longer than is necessary;
- processed in accordance with rights of data subjects for personnel data;
- secure and protected to prevent unlawful or unauthorised processing, accidental loss, destruction or damage;
- not transferred to countries outside EEA (European Economic Area) without adequate protection.
The most significant difference between the old and the new Acts is that the new Act is not restricted to information held on computer. It also covers information held in other media such as paper and microfiche.
The Society takes the privacy and security of its contact data seriously. This guide to data protection is to ensure that our members and other contacts recorded are fully informed about the effect of the new legislation. It sets out the ways in which we handle information about you, and your rights in respect of that information.
What information do we hold and how do we obtain it?
Generally we receive information about you when you make an enquiry to the Society, apply for membership to the Society, inform the Society of any changes to your personal information (e.g. change of address, application for a change of membership status) or make a purchase from the Society (e.g. subscribe to a journal). Information held also covers employees of the Society, and anyone involved with the Regulatory Affairs of the Society.
For what purpose do we use your information?
We use your information for a number of purposes that are outlined below:
- to administer and maintain your Membership record;
- to respond to any query that you may raise about your Membership record;
- as input to a Regulatory Affairs case;
- to administer and maintain employees' records;
- to keep you informed (by post or email) about other products or services the Society or approved 3rd parties can offer;
- use information about you for the purposes of research and statistical analysis;
- disclose information about you to regulatory authorities in response to formal requests.
Caring for your data
The Society undertakes that it will have in place a level of security appropriate to the nature of the data and the harm that might result from a breach of security. The Society is particularly keen to keep any information about members accurate and where necessary up to date. To help us please keep us informed if any of your details change.
You have certain rights under the Act in relation to the information we hold about you. These rights are set out below:
Access to personal data (subject access)
You may request in writing to the contact address given below, details of the information we may hold about you, and the purpose(s) for which it is held. We will provide the information, in a permanent form, as at the time of the request, subject to any routine processing continuing between that time and the time of the response. Provision of such information will be subject to a charge (as permitted by the Act) currently £10 (cheque made payable to The British Psychological Society). Your request will be met within 40 days of receiving the request or, if later, of receipt of the cheque and any supplementary information needed to establish your relationship with the Society or verify your identity.
You are entitled, by notice in writing, to require us to stop using information about you for the purpose of direct marketing. Direct marketing means the communication of any advertising or marketing material that is directed to you.
Data Protection Compliance Officer
The British Psychological Society
St Andrews House
48, Princess Road East
The Data Information Commissioner
If you wish to know more about your rights in respect of protection of personal data you should write to:
The Data Information Commissioner's Office
Telephone: 01625 545700 (switchboard)