Last updated: 3 May 2018
1. HOW WE COLLECT INFORMATION
The RMS may collect personal information from you in the following ways: (1) directly from your verbal or written input (such as by consenting to receiving marketing emails); (2) automatically through the RMS's website technologies including tracking online, such as by web cookies (which are small text files created by websites that are stored on your computer) cookies policy (see below); or (3) social media platforms.
2. INFORMATION YOU PROVIDE
The types of personal information that the RMS collects directly from you may include:
- Contact details, such as your name, email address, postal address and telephone number;
- Internet Protocol ("IP") addresses used to connect your computer to the Internet;
- Educational and professional interests;
- Tracking codes such as cookies;
- Usernames for the RMS website;
- Payment information, such as a credit or debit card number, this information will not be stored;
- Comments, feedback, posts and other content you provide to the RMS (including through the RMS website);
- Communication preferences;
- Location-aware services, the physical location of your device in order to provide you with more relevant content for your location;
- Information about your personal preferences, hobbies and interests; and
- Communications with other users of the RMS's services.
In order to access certain content and to make use of additional functionality and features of the RMS's websites and services, we may ask you to register for an account by completing and submitting a registration form, which may request additional information.
Before submitting personal information on behalf of someone else you must ensure you have their permission to do so for both the disclosure and the collection and use of information listed in this policy.
3. USE OF YOUR INFORMATION
The RMS may use your personal information in the performance of any contract we enter into with you, to comply with legal obligations, or where the RMS has a legitimate business interest in using your information to enhance the services and products we provide. Legitimate business purposes include but are not limited to one or all of the following: providing direct marketing and assessing the effectiveness of promotions and advertising; modifying, improving or personalising our services, products and communications; detecting fraud; investigating suspicious activity (e.g., violations of our Terms of Service, which can be found here) and otherwise keeping our site safe and secure; and conducting data analytics.
In addition, we may use your information in the following ways (after obtaining your consent, if required):
- To provide you with information about products and services that you request from us;
- To send you quarterly magazines or correspondence from the RMS;
- To provide you with information about other products, events and services we offer that are either (i) similar to those you have already purchased or inquired about, or (ii) entirely new products, events and services;
- For internal business and research purposes to help enhance, evaluate, develop, and create the RMS websites (including usage statistics, such as "page views" on the RMS's websites and the products therein), products, and services;
- To notify you about changes or updates to our websites, products, or services;
- To administer our services and for internal operations, including troubleshooting, data analysis, testing, statistical, and survey purposes;
- To allow you to participate in interactive features of our service; and
- For any other purpose that we may notify you of from time to time.
Personal information will not be kept longer than is necessary for the purpose for which it was collected. This means that, unless information must be retained for legal or archival purposes, personal information will be securely destroyed, put beyond use or erased from the RMS's systems when it is no longer required or, where applicable, following a request from you to destroy or erase your personal information.
4. DISCLOSURE AND SHARING OF YOUR INFORMATION
The RMS will not disclose to or share your personal information with any unaffiliated third party except as follows:
- Where necessary in connection with services provided by third parties (i) who provide us with a wide range of office, administrative, information technology, production, payment, or business management services, and (ii) who are required to comply with this policy;
- Where you voluntarily provide information in response to an advertisement from a third party;
- Where your consent has been provided, with a third party such as an academic institution, school, employer, business or other entity which has provided you with access to a product or service, information may be shared regarding your engagement with the service or product, results of assessments taken and other information you input into the product or service;
- Where the RMS is required to disclose personal information in response to lawful requests by public authorities and government agencies, including to meet national security or law enforcement requirements; to comply with a subpoena or other legal process; when we believe in good faith that disclosure is necessary to protect our rights, to enforce our Terms of Service, or to protect the rights, property or safety of our services, users or others; and to investigate fraud.
5. CROSS BORDER TRANSFERS
The RMS may transfer your personal information outside of your country of residence for the following reasons:
- In order to process your transactions, we may store your personal information on our servers and those servers may reside outside the country where you live. The RMS has servers in the United Kingdom. The RMS service providers are mainly located in the United Kingdom, however, some may reside outside of the United Kingdom. Such processing may include, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
- As the RMS is an International Society, in order to satisfy global reporting requirements, the RMS may be required to provide your personal information to affiliates in other countries.
We will use appropriate physical, technical and administrative safeguards to protect your data. Access to your personal data will be restricted to only those who need to know that information and required to perform their job function. In addition, we train our employees about the importance of maintaining the confidentiality and security of your information.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Transmitting information over the internet is generally not completely secure and we can’t guarantee the security of your data. Any data you transit is at your own risk.
View the RMS ISO 27001 Certificate
The RMS has been ISO 27001 accredited since February 2016, demonstrating the high standards the Society and all its employees meet in regards to information security management.
7. DISCLOSURE IN CHAT ROOMS OR FORUMS
You should be aware that identifiable personal information--such as your name or e-mail address--that you voluntarily disclose and that is accessible to other users (e.g. on social media, forums, bulletin boards or in chat areas) could be collected and disclosed by others. The RMS cannot take any responsibility for such collection and disclosure.
8. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
As is true of most websites, we gather certain information automatically. This information may include IP addresses, browser type, Internet service provider ("ISP"), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyse trends in the aggregate and administer the site.
For more information on cookies, please click here.
10. YOUR RIGHTS
You have the right to make a written request to be informed whether or not we hold or process any of your personal information (by emailing email@example.com). In your written request, you may:
- Request that we provide you with details of your personal information that we process, the purpose for which it is processed, the recipients of such information, the existence of any automated decision making involving your personal information, and what transfer safeguards we have in place;
- Request that we rectify any errors in your personal information;
- Request that we delete your personal information if our continued processing of such information is not justified;
- Request that we transfer your personal information to a third party;
- Object to automated decision-making and profiling based on legitimate interests or the performance of a task in the public interest (in which event the processing will cease except where there are compelling legitimate grounds, such as when the processing is necessary for the performance of a contract between us);
- Object to direct marketing from us; and
- Object to processing for purposes of scientific, historical research and statistics.
Where applicable under your local laws, we will not use your personal information for marketing purposes, nor disclose your information to any third parties, unless we have your prior consent, which we will seek before collecting your personal information. You can exercise your right to prevent such processing by checking certain boxes on the consent forms we use when collecting your personal information. If at any point you wish to review or change your preferences you can use the "opt-out" or unsubscribe mechanism or other means provided within the communications that you receive from us or by sending an email to firstname.lastname@example.org. Note that you may still receive transactional communications from the RMS.
11. THIRD PARTIES
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the General Protection Regulation (GDPR). If you would like a copy of the information held on you please write to email@example.com.
If you believe that any information we are holding on you is incorrect or incomplete, email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
13. ONLINE PAYMENTS
The RMS website will accept online payments by credit or debit card from the following major credit card scheme, SagePay.
Any comments, complaints or questions concerning this policy or complaints or objections about our use of your personal information should be addressed by directing your comments to the RMS's Information Security Manager, via email to firstname.lastname@example.org
Please note, any concerns with how the RMS handle your information will be treated with great concern and addressed accordingly to meet your needs and the requirements set out under the GDPR.
If your request has not been acknowledged, or you are concerned in the way the RMS is treating your information, you may seek further guidance from the Information Commissioners Office (ICO) at http://www.ico.org.uk/.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.