Privacy Notice
Please see our privacy notice below.
If you have any questions, you can call us on 020 7927 0800, drop us an email at roombookings@lms.ac.uk or fill out contact form.
Key Definitions
- De Morgan House operates under the London Mathematical Society to aid the society in it’s mission and objectives.
- Any reference to ‘We’, ‘Us’ and ‘Our’ is to The London Mathematical Society as an organisation as the over-arching organisation, as part of which De Morgan House operates.
- Any reference to ‘You’ and ‘Your’ is to you as an individual data subject.
- Any reference to ‘Our websites’ is to websites available within www.lms.ac.uk and www.demorganhouse.org.uk
Data Controller – The London Mathematical Society, which is the organisation responsible for deciding how personal data is processed.
Data Processor – Any organisation, which processes personal data on behalf of the London Mathematical Society.
Data Subject – You as the living individual whose personal data is processed.
EU GDPR – The European Union General Data Protection Regulation
EU GDPR Rep – The LMS’ EU GDPR Representative with whom data subjects and supervisory authorities, who are based in the European Economic Area (EEA), can liaise with regard to the LMS’ obligations under EU GDPR.
Personal Data – Any information about you as a living individual from which you can be identified (e.g. a name, photographs, videos, email address, or address) either by the information alone or in conjunction with any other information.
Privacy Notice – This Privacy Notice sets out details of the personal data that we will collect about you and how we will process your personal data.
Processing – The ways in which personal data is used by the London Mathematical Society, including collection, storage, disclosure and destruction/deletion.
UK GDPR – The United Kingdom General Data Protection Regulation.
Who we are?
How to contact us?
If you want to contact the Data Protection Officer, you can email us at privacy@lms.ac.uk or write to: Data Protection Officer, London Mathematical Society, De Morgan House, 57-58 Russell Square, London WC1B 4HS
Who is the LMS’ EU GDPR Representative?
How can you contact the LMS’ EU GDPR Representative?
If you want to contact the EMS, you can email them at ems-office@helsinki.fi or write to: EMS Secretariat, Department of Mathematics and Statistics, P.O.Box 68, 00014 University of Helsinki, Finland
Who is affected by our processing? (categories of individuals)
The following people are affected by the LMS processing their personal data for a variety of purposes and under different legal bases
What Categories or Personal Data do we process?
We process the following types of personal data listed below. However, we do not process all types of personal data for everyone. We process specific types of personal data for particular purposes e.g. we will collect and process National Insurance numbers from employees and trustees to meet our legal obligations.
Categories
- Personal details – name, date of birth, gender, National Insurance numbers
- Contact details – address, email address, telephone number, fax number, emergency contact details
- Financial details – bank account details, card payment details, tax details
- Employment details – CV’s, current and previous employers, references, salary details
- Education and Training details – Qualifications (professional and academic)
- Images – CCTV, photographs
- IP addresses – collected via Cookies
Special Categories of data
- Health details – dietary requirements, access requirements, allergies
- Identification details – passports, proof of identity, visas and work permits
- Criminal convictions
- Religion
Why do we process personal data? (purposes)
We process personal data to enable us to fulfil our charitable objectives; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.
In particular, we use personal data for the following purposes:
- To manage our products and services offered online and face-to-face for members, event participants, grant applicants/holders, volunteers, customers.
- To manage our contractual and legal obligations, including those affecting LMS staff and LMS Gift Aid donors.
- To manage our business activities, including De Morgan House Conference facilities, commercial and residential activities.
- To manage our communications (including direct marketing) with our internal and external stakeholders, including members, staff, volunteers, donors and business contacts.
- To manage our fundraising and development activities, including regular and potential donors.
- To manage the security of De Morgan House, including the use of CCTV.
- To manage our website, database and website resources.
What legal bases do we use to process data?
Under both the UK GDPR and the EU GDPR, we process personal data under at one of six legal bases:
- Consent – With the Consent of the Data Subject
- E.g. we rely on consent to send direct marketing material by email to you.
- Contract – To perform our duties to fulfil a contractual obligation
- E.g. we rely on contract to provide conference facilities to data subjects.
- Legal Obligation – To meet a meet a legal obligation
- E.g. we rely on legal obligation to disclose information to HMRC for tax and gift aid purposes.
- Legitimate Interests – To fulfil a legitimate interest of the LMS (on the understanding that it does not override the interests of the data subject)
- E.g. we rely on legitimate interests to facilitate bookings to support the LMS.
- Vital Interests – To protect the vital interests of data subjects.
- E.g. we rely on vital interests in the event that someone needs emergency medical treatment.
- Public Task – To process personal data in the exercise of official authority or to perform a specific task in the public interest that is set out in law
- We do not rely on this legal basis because we are not a public authority nor do we exercise official authority or carry out tasks in the public interest.
For most of our processing of personal data, we use Legitimate Interests and Contract as our legal bases.
What are our legitimate interests for processing data?
Our legitimate interests for processing personal data are so that we can fulfil our objectives on behalf of the London Mathematical Society; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.
Examples of legitimate interests include:
- Maintaining the safety and security of those working in and visiting De Morgan House.
- Developing and maintaining contact with stakeholders to help realise the LMS’ charitable aims.
Who do we share your data with?
In most cases, your personal data will not be disclosed without consent, except where it is your interests and other situations as required by law e.g. staff salary details are shared with HMRC for tax purposes. When we do share your personal data, we take care to share the relevant details needed and not share more personal data than required by the circumstances.
Examples of organisations with whom we may share your data include:
- WorldPay, GoCardless.com, NatWest, American Express to process payments made to and by the LMS.
- HMRC, University of London, University Superannuation Scheme to manage LMS Staff payroll and pensions.
- Waat.eu, Imperial College to manage our website and IT systems.
- Google Analytics to monitor the use of our websites.
- Charity Commission and Moore Kingston Smith LLP to comply with legal obligations.
- Building managers and Estate Agents to manage commercial and residential tenancies.
- Emergency services to provide assistance in emergencies.
Examples of individuals with whom we may share your data include:
- LMS Council and Committee members to carry out Committee activities e.g. assessing grants applications, organising events, discussing committee business
- External event organisers to manage events.
- LMS First Aiders/Fire Marshalls to provide assistance, as required.
How long do we hold data for?
What are your rights under UK GDPR?
You have the following rights regarding your personal data when it is processed by any organisation.
- The Right to be informed about how we collect and process your personal data, including our purposes. We inform you of our data processing and its purposes via Privacy Statements at the time of collection, which link to this Privacy Notice. If we have collected your data from another source, we will provide you with this Privacy Notice as soon as possible.
- The Right of Access to your personal data so that you are aware of and can verify the lawfulness of our processing of your personal data.
- The Right to Rectification of your personal data. While we try to keep our data as accurate as possible, we will rectify inaccurate personal data, or complete if it is incomplete.
- The Right to Erasure (also known as ‘the right to be forgotten’). You have the right to have personal data erased, in particular circumstances.
- The Right to Restrict Processing your personal data. When processing is restricted, we are permitted to store your personal data, but not use it.
- The Right to Data Portability obtain and reuse your personal data, which you have provided to us, for your own purposes across different services. It allows you to move, copy or transfer your personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
- The Right to Object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
- The right to withdraw consent (if applicable). Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
You can contact us about any of the above rights, including withdrawal of consent by emailing us – privacy@lms.ac.uk
We will respond to your requests within one month and where we cannot comply with the request, we will contact you within in one month and explain our reasons. If appropriate, we will ask you to provide proof of identity or entitlement to access/change personal data.
How can you exercise your right to complain to the Information Commissioners Office?
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. You have the right to report a concern to the Information Commissioner’s Office and you can do so here: https://ico.org.uk/concerns/
Where do we source personal data (including publicly accessible sources)?
Most of the personal data collected by the LMS have come from data subjects themselves. For example, when we receive an enquiry for a booking and/or when we are contacted by the data subject. Some personal data is collected by LMS from publicly accessible sources, for example, from academic/professional web pages.
When do we have to process data to fulfil a contractual or statutory obligation? And what are the consequences if you do not provide the data?
Sometimes, we have to process personal data to fulfil contractual obligations e.g. to provide membership services. If personal data is not provided then we will not be able to provide these services. Sometimes, we have to process personal data to fulfil statutory obligations e.g. to provide HMRC with employees’ tax details. If personal data is not provided then we cannot fulfil these statutory obligations and both the LMS and the individual may face penalties under other legislation.
Visitors to our website
When someone visits www.demorganhouse.org.uk, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns e.g. the number of visitors to the different parts of the website. The information is processed in a way which does not identify anyone and we do not attempt, and do not allow Google to make any attempt, to find out the identities of those visiting our websites. If we do want to collect personally identifiable information through our websites, we will make this clear when we collect personal information and will explain what we intend to do with it.
Users of LMS conference facilities and visitors to De Morgan House
Personal data provided by a client e.g. name, company address and email will be stored used to provide services for that client’s booking. Visitors to De Morgan House (57-58 Russell Square, London, WC1B 4HS) will be asked to sign in and out of the building to comply with Health & Safety regulations.
Visitors to De Morgan House should be aware that the premises are monitored by CCTV cameras.
Job applicants, current and former LMS employees
When individuals apply to work at the LMS, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference, we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain anonymised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with the LMS, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with the LMS has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
People who contact the LMS
Phone: When you call the LMS, we do not record our calls.
Email: Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who use LMS products, services and activities
The LMS offers various services, products and activities to its members and the public.
We use a third party, Google.com for online surveys. For more information on how Google processes data, please see the privacy policy here.
We have to hold the details of the people who have requested a service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might send information about people who have registered for an event to the venue for the event so they know who is at the venue in case of an emergency.
When people do subscribe to our services or register for our events, they can cancel their subscription or registration at any time and are provided with an easy way of doing this.
Complaints or queries
The LMS tries to meet the highest standards when collecting, holding and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of the LMS’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address detailed in the How to contact us? section of this document.