Privacy Policy

Our website address is: https://sedric.org.uk.

What personal data we collect and why we collect it

Comments

Last updated on 16th September 2020.

Wellcome, as the SEDRIC Secretariat, is committed to safeguarding your personal information in accordance with data protection law. This privacy policy relates to how Wellcome processes, collects, stores and publishes your information in relation to SEDRIC. For further information on how Wellcome generally handles your personal data, view Wellcome’s Privacy Policy here.

The Wellcome Trust Limited is a charitable company limited by guarantee incorporated in England and Wales (company number 2711000) (as trustee of the Wellcome Trust (a registered charity with number 210183)) (“Wellcome”).

Wellcome is the “data controller” of your personal information. This means that we are responsible for deciding how we hold and use personal information about you.

If you wish to contact us in relation to this Statement, you can do so by contacting our Data Protection Officer using the following details:

Data Protection Officer
Wellcome Trust
215 Euston Road
London NW1 2BE
United Kingdom
dataprotection@wellcome.ac.uk

Further information on data protection law can be found here: https://ico.org.uk/for-the-public

Your Rights

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Under the General Data Protection Regulation, you have a number of important rights. In summary, those include rights to:

  • access to your personal data and to certain other supplementary information that this Privacy Notice is already designed to address
  • require us to correct any mistakes in your information which we hold
  • request the erasure of personal data concerning you in certain situations
  • request access to the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
  • object at any time to processing of personal data concerning you for direct marketing
  • object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
  • object in certain other situations to our continued processing of your personal data
  • otherwise restrict our processing of your personal data in certain circumstances
  • claim compensation for damages caused by our breach of any data protection laws.

Your Personal Information

Information we collect from you.

Newsletter

We will collect and store some or all of the following types of information from you when signing up to receive our newsletter:

  • Email address
  • Your name

Membership

When submitting a membership application and when you are a member, we will collect and store the following information:

  • Your name and title
  • Your email address
  • Your region and country
  • Your current and previous job titles
  • Current and previous places of employment
  • Your areas of expertise and scientific interest
  • Your Linkedin and Twitter handles (optional)

We will be doing so where you have contacted us to become a member of SEDRIC in accordance with SEDRIC’s terms of reference.

With your consent gathered during the membership application process we will publicise some of that information on the SEDRIC website so that others working in the area can contact you on matters pertaining to the surveillance and epidemiology of drug-resistant infections. Information that will be shown on the website:

  • Your name and title
  • Your email address (if you provided consent)
  • Your region and country
  • Your current and previous job titles
  • Current and previous places of employment
  • Your areas of expertise and scientific interest
  • Linkedin and Twitter handles (if you provided consent)

Should you not wish to publicise this information you can request this, or otherwise withdraw your consent, at any time and for any reason by emailing SEDRIC@wellcome.ac.uk.

AMR surveillance projects

When you make a submission for details of your AMR surveillance project to be published on our website, we will collect and store the following information:

  • Project title
  • Project timeline
  • Location where the project is being carried out
  • Primary and secondary project topics
  • Names of project authors
  • Project description
  • Link to the project (optional)
  • Project author’s image (optional)
  • Contact email address

If your project submission is approved, we will publicise this information, except for the contact email address, on the SEDRIC website so that others working in the area can see details of your project.

We will contact you by email if we have any questions about your project submission.

If you have agreed to be introduced to other professionals within the AMR surveillance community who are interested in your project, we will contact you by email to let you know if someone expresses an interest. However, if you would prefer not to be informed, please email sedric@wellcome.ac.uk to let us know your preferences.

You can ask us to remove your project details from our website at any time and for any reason. Should you wish to do so, please email sedric@wellcome.ac.uk.

Other correspondence

If you contact us, we may keep a record of that correspondence.

Should you wish to withdraw your information from our systems at any time and for any reason you can do so by emailing sedric@wellcome.ac.uk

Information we collect from other sources

We do not collect information from other sources. The only information we collect has been provided by yourself.

Lawful basis for processing

Our processing of personal data with regard to assessing your membership application and processing your details in relation to your membership is on the basis of the legitimate interests of membership community development, such as connecting members with others working in the field to share expertise and sharing opportunities for members to get involved with SEDRIC’s work, invitation to take part in surveys pertaining to your work on surveillance and epidemiology or an enquiry to hear more on your fields of expertise and work.

Our processing of personal data with regard to assessing your project submission, publishing the details of your project and contracting you in relation to your project is on the basis of the legitimate interests of giving you an opportunity to let others know about your fields of expertise and work.

The lawful basis on which we process personal data in relation to sending you newsletters or event invitations, or where we want to publish your personal information on our members page or your email address alongside the details of your project, is consent. Consent will be collected when you submit a membership application, agree for your email address to be published alongside the details of your project, or otherwise sign up to receive a SEDRIC newsletter. Your consent can be withdrawn at any time by emailing sedric@wellcome.ac.uk or dataprotection@wellcome.ac.uk.

The relevant excerpts from the General Data Protection Regulation are below:

Article 6(1)

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Purposes of data collection and storage

We use information held about you to contact you for business related communications with your consent. These may include:

  • SEDRIC updates and newsletters
  • Event invitations
  • Invitations to participate in surveys

Should you wish not to be contacted for any of these you can request this for any reason and at any time by emailing SEDRIC@wellcome.ac.uk.

In terms of assessing your membership application and processing your membership with regard to the terms of reference will include:

  • Invitation to take part in SEDRIC’s work
  • Invitation to take part in surveys pertaining to your work on surveillance and epidemiology
  • Enquiry to hear more on your fields of expertise and work.

How we store your personal data

Security

We take appropriate measures to ensure that all personal data is kept secure including security measures to prevent personal data from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to view it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through any online means, therefore any transmission remains at your own risk.

Where we share your personal data

In addition to where you consent to your personal data being publicised, Wellcome may share your personal data with the SEDRIC Board as constituted from time to time in relation to your membership of SEDRIC.

Where we store your personal data

Your personal data will be stored in the EU and the US (dotdigital and WPEngine) and take reasonable measures to ensure the security of our data processing suppliers.

In particular, your data may be accessible to i) our suppliers’ staff in the USA or ii) may be stored by our suppliers hosting service providers on servers in the USA as well as in the EU. A Data Processor Agreement has been signed between our suppliers and its overseas group companies, and between the supplier and each of its data processors. These data processor agreements are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data. In addition, WPEngine data processor is located in the USA and is covered by the EU-US Privacy Shield accreditation, which ensures a higher level of protection for Europeans’ personal data.

How long we keep your personal data

We will retain your data for up to 2 years, after our most recent communication.

Your personal information will be deleted on one of the following occurrences:

  • deletion of your personal information by your request, or
  • at the end of the retention period, unless otherwise stated by yourself.

For further information on your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please:

  • contact us using our Contact details below,
  • let us have enough information to identify you,
  • let us have proof of your identity and address, and
  • let us know the information to which your request relates.

Contact

All questions, comments and requests regarding this Privacy Notice should be sent via email to SEDRIC@wellcome.ac.uk or dataprotection@wellcome.ac.uk or by post, FAO SEDRIC Secretariat, Wellcome, 215 Euston Road, London, NW1 2BE.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information, please email SEDRIC@wellcome.ac.uk or dataprotection@wellcome.ac.uk.The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at http://ico.org.uk/concerns/ or telephone: 0303 123 1113.