This privacy notice tells you what to expect us to do with your personal data when you make contact with us or use one of our services.
- Key Definitions.
- Who We Are?
- How can you contact us?
- Who is the LMS' EU GDPR Representative?
- How can you contact the LMS' EU GDPR Represenative?
- Who is affected by our processing? (categories of individuals)
- What Categories of Personal Data do we process?
- Why do we process personal data (purposes)?
- What Legal Bases do we use to process data?.
- Who do we share your data with?
- When do we transfer personal data to third countries and what safeguards do we use?
- How long do we hold data for?
- What are your rights under UK GDPR / EU GDPR?
- Where do we source personal data (including publicly accessible sources)?
- When do we have to process data to fulfil a contractual or statutory obligation? And what are the consequences if you do not provide the data?
- When do we use automated decision-making, including profiling? How are the decisions made and what are the significant consequences?
- Complaints or Queries.
Key Definitions
- Any reference to ‘We’, ‘Us’ and ‘Our’ is to The London Mathematical Society as an organisation.
- Any reference to ‘You’ and ‘Your’ is to you as an individual data subject.
- Any reference to ‘Our websites’ is to websites available within lms.ac.uk and www.demorganhouse.co.uk
The London Mathematical Society (LMS), a registered UK Charity (no. 252660), is the UK’s learned society for mathematics. Its purpose is the advancement, dissemination and promotion of mathematical knowledge, both nationally and internationally. The LMS is registered with the Information Commissioner’s Office (Reg no: Z6256165). The Society’s Data Protection Officer is the Executive Secretary.
If you want to contact the Data Protection Officer, you can email us or write to: Data Protection Officer, London Mathematical Society, De Morgan House, 57-58 Russell Square, London WC1B 4HS
Who is the LMS' EU GDPR Representative?
The European Mathematical Society (EMS). The purpose of the EMS is to further the development of all aspects of mathematics in the countries of Europe. The EMS is an affiliate member of the International Mathematical Union and an associate member of the International Council for Industrial and Applied Mathematics. The LMS is a corporate member of the EMS.
How can you contact the LMS' EU GDPR Represenative?
If you want to contact the EMS, you can email them or write to: EMS Secretariat, Department of Mathematics and Statistics, P.O.Box 68, 00014 University of Helsinki, Finland
Who is affected by our processing? (categories of individuals)
The following people are affected by the LMS processing their personal data for a variety of purposes and under different legal bases
Please note this list is current as of December 2020 and will be updated when the Privacy Notice is reviewed as the business of the LMS evolves and changes.
We process the following types of personal data listed below. However, we do not process all types of personal data for everyone. We process specific types of personal data for particular purposes e.g. we will collect and process National Insurance numbers from employees and trustees to meet our legal obligations.
Categories
- Personal details – name, date of birth, gender, National Insurance numbers.
- Contact details – address, email address, telephone number, fax number, emergency contact details
- Financial details – bank account details, card payment details, tax details,
- Employment details – CVs, current and previous employers, references, salary details
- Education and Training details – Qualifications (professional and academic)
- Images – CCTV, photographs
- IP addresses – collected via Cookies
Special Categories of data
- Health details – dietary requirements, access requirements, allergies
- Identification details – passports, proof of identity, visas and work permits
- Criminal convictions
- Religion
We process personal data to enable us to fulfil our charitable objectives; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.
In particular, we use personal data for the following purposes:
- To manage our products and services offered online and face-to-face for members, event participants, grant applicants/holders, volunteers, customers.
- To manage our governance, including LMS Elections, LMS Council and Committee business.
- To manage our contractual and legal obligations, including those affecting LMS staff and LMS Gift Aid donors.
- To manage our business activities, including LMS publications, De Morgan House Conference facilities, commercial and residential activities.
- To manage our communications (including direct marketing) with our internal and external stakeholders, including members, staff, volunteers, donors and business contacts.
- To manage our fundraising and development activities, including regular and potential donors.
- To manage the security of De Morgan House, including the use of CCTV.
- To manage our website, database and website resources, including the LMS Mathematical Sciences Directory, LMS Success Stories and ATHENA SWAN resource.
- To manage our archives and statistical research on behalf of the mathematical community.
Please note this list is current as of December 2020 and will be updated when the Privacy Notice is reviewed as the business of the LMS evolves and changes.
Under both the UK GDPR and the EU GDPR, we process personal data under at one of six legal bases:
- Consent - With the Consent of the Data Subject
- E.g. we rely on consent to send direct marketing material by email to you.
- Contract - To perform our duties to fulfil a contractual obligation
- E.g. we rely on contract to provide membership services to fulfil our contract with LMS Members.
- Legal Obligation - To meet a meet a legal obligation
- E.g. we rely on legal obligation to disclose information to HMRC for tax and gift aid purposes.
- Legitimate Interests - To fulfil a legitimate interest of the LMS (on the understanding that it does not override the interests of the data subject)
- E.g. we rely on legitimate interests to facilitate communication with and between LMS Committee members so they can carry out their duties.
- Vital Interests - To protect the vital interests of data subjects.
- E.g. we rely on vital interests in the event that someone needs emergency medical treatment.
- Public Task - To process personal data in the exercise of official authority or to perform a specific task in the public interest that is set out in law
- We do not rely on this legal basis because we are not a public authority nor do we exercise official authority or carry out tasks in the public interest.
For most of our processing of personal data, we use Legitimate Interests and Contract as our legal bases.
What are our legitimate interests for processing data?
Our legitimate interests for processing personal data are so that we can fulfil our charitable objectives; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.
Examples of legitimate interests include:
- Facilitating communication between LMS Committee members to undertake their duties.
- Maintaining the safety and security of those working and visiting De Morgan House.
- Developing and maintaining contact with stakeholders to help realise the LMS’ charitable aims.
- Ensuring the effective management of LMS activities, services and products.
In most cases, your personal data will not be disclosed without consent, except where it is your interests and other situations as required by law e.g. staff salary details are shared with HMRC for tax purposes. When we do share your personal data, we take care to share the relevant details needed and not share more personal data than required by the circumstances.
Examples of organisations with whom we may share your data include:
- WorldPay, GoCardless.com, NatWest, American Express to process payments made to and by the LMS.
- John Wiley & Sons Ltd, Cambridge University Press, Editflow, Turpion/Institute of Physics to manage the LMS Publications, especially publication of journal articles and books.
- University College London, John Wiley & Sons Ltd, Institute of Physics, European Mathematical Society, European Women in Mathematics to manage membership services i.e. access to UCL Library, receiving relevant subscriptions to journals and/or third party memberships.
- HMRC, University of London, University Superannuation Scheme to manage LMS Staff payroll and pensions.
- Clay Mathematics Institute, Heilbronn Institute of Mathematical Research, MARM Board – MARM grants, Cecil King Memorial Foundation, Council of Mathematical Sciences (CMS) member bodies (IMA, RSS, ORS, EdMS), Joint LMS-IMA Prizes Panels and Bachelier Prize Panel to work with our partners to fulfil our charitable objectives.
- Waat.eu, Imperial College to manage our website and IT systems.
- External venues and hotels to manage events.
- Google Analytics to monitor the use of our websites.
- Charity Commission and Moore Kingston Smith LLP to comply with legal obligations.
- Civica Election Services to manage LMS Elections.
- Building managers and Estate Agents to manage commercial and residential tenancies.
- Emergency services to provide assistance in emergencies.
Examples of individuals with whom we may share your data include:
- LMS Council and Committee members to carry out Committee activities e.g. assessing grants applications, organising events, discussing committee business
- LMS Editors and LMS Editorial Advisers to manage the LMS Publications processes.
- Referees to review applications, proposals, journal articles.
- External event organisers to manage events.
- LMS First Aiders/Fire Marshalls to provide assistance, as required.
We may occasionally need to transfer personal information overseas. Where this is necessary this may be to countries or territories around the world.
Examples of when we transfer personal data to third countries and the safeguards we use include:
- European Mathematical Society (EMS) members’ data is sent to the EMS when the LMS collects EMS membership fees on behalf of the EMS. The UK government has granted data protection adequacy to the EEA.
- Editflow is used to manage the processing of articles we receive for our journals and it is accessed by IT support for software management and development purposes. An agreement to comply with data protection legislation exists between us and our processor, MSP.
- When seeking references from mathematicians who are based outside the UK. We ask referees to treat all personal data in strict confidence.
We hold personal data in accordance with the time limits set out in our Data Retention Schedule, which include statutory time limits for certain personal data. For example, we are obliged to keep financial details for seven years. When we no longer need to process personal data, we ensure that physical copies are securely destroyed and digital copies are securely deleted. In some cases, we will transfer personal data to the LMS archives e.g. names of LMS Members.
You have the following rights regarding your personal data when it is processed by any organisation.
- The Right to be informed about how we collect and process your personal data, including our purposes. We inform you of our data processing and its purposes via Privacy Statements at the time of collection, which link to this Privacy Notice. If we have collected your data from another source, we will provide you with this Privacy Notice as soon as possible.
- The Right of Access to your personal data so that you are aware of and can verify the lawfulness of our processing of your personal data.
- The Right to Rectification of your personal data. While we try to keep our data as accurate as possible, we will rectify inaccurate personal data, or complete if it is incomplete.
- The Right to Erasure (also known as ‘the right to be forgotten’). You have the right to have personal data erased, in particular circumstances.
- The Right to Restrict Processing your personal data. When processing is restricted, we are permitted to store your personal data, but not use it.
- The Right to Data Portability obtain and reuse your personal data, which you have provided to us, for your own purposes across different services. It allows you to move, copy or transfer your personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
- The Right to Object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
- the right to withdraw consent (if applicable). Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
Exercising Your Rights
You can exercising any of these rights by:
- Logging into your LMS online account: www.lms.ac.uk/user
- Contacting us of your withdrawal of consent by emailing us – privacy@lms.ac.uk
We will respond to your requests within one month and where we cannot comply with the request, we will contact you within in one month and explain our reasons. If appropriate, we will ask you to provide proof of identity or entitlement to access/change personal data.
How can you exercise your right to complain to the Information Commissioner’s Office?
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. You have the right to report a concern to the Information Commissioner’s Office and you can do so here: https://ico.org.uk/concerns/
Most of the personal data collected by the LMS have come from data subjects themselves. For example, when we receive an application for membership or a grant, when we receive a registration for a LMS event and/or when we are contacted by the data subject. Some personal data is collected by LMS from publicly accessible sources, for example, from academic/professional web pages.
When do we have to process data to fulfil a contractual or statutory obligation? And what are the consequences if you do not provide the data?
Sometimes, we have to process personal data to fulfil contractual obligations e.g. to provide membership services. If personal data is not provided then we will not be able to provide these services. Sometimes, we have to process personal data to fulfil statutory obligations e.g. to provide HMRC with employees’ tax details. If personal data is not provided then we cannot fulfil these statutory obligations and both the LMS and the individual may face penalties under other legislation.
When do we use automated decision-making, including profiling? How are the decisions made and what are the significant consequences?
We currently do not use automated decision-making. We profile data subjects when creating mailing lists to send direct marketing material to particular groups about LMS products, services, activities and events. For example, we will create a mailing list for members based in London to inform them of upcoming events due to take place in London.
When someone visits www.lms.ac.uk, http://edf.lms.ac.uk/ and www.demorganhouse.co.uk, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns e.g. the number of visitors to the different parts of the website. The information is processed in a way which does not identify anyone and we do not attempt, and do not allow Google to make any attempt, to find out the identities of those visiting our websites. If we do want to collect personally identifiable information through our websites, we will make this clear when we collect personal information and will explain what we intend to do with it.
Use of cookies by the LMS
We use cookies to collect information about your online preference. Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page.
You can read more about how we use cookies on our Cookies page.
Search engine
Our website search and decision notice search is powered by Drupal. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either the LMS or any third party.
LMS e-Update
We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-Update.
Security and performance
The LMS uses a third party service to help maintain the security and performance of the LMS website. To deliver this service it processes the IP addresses of visitors to the LMS website.
Prospective LMS Members
When we receive an application, an online membership profile is created and this normally contains the identity of the applicant and their proposer and seconder (where applicable). We will only use the information we collect to process the application and to provide further information about subscriptions and services after the application is successful. Prospective members can access and edit their online membership profile at any time by logging in to: www.lms.ac.uk/user
Current LMS Members
Current members have an online membership profile, which they can access and edit at any time by logging on to: www.lms.ac.uk/user We will use the information we collect to process subscriptions and payments, to provide services and to keep members informed of Society business and news. We use a third party, GoCardless Ltd, to process direct debit payments. For more information about how GoCardless Ltd processes data, please see GoCardless privacy policy. We use a third party, WorldPay, to process credit/debit card payments. For more information about how WorldPay processes data, please see WorldPay privacy policy.
Former LMS Members
Once a person’s membership with the LMS has ended, we will retain the membership profile in accordance with the requirements of our retention schedule and then delete it.
Authors and co-authors who wish to submit papers to LMS publications via Editflow should read the Privacy Notice for LMS Publications
Personal data provided by a client e.g. name, company address and email will be stored used to provide services for that client’s booking. Visitors to De Morgan House (57-58 Russell Square, London, WC1B 4HS) will be asked to sign in and out of the building to comply with Health & Safety regulations.
Visitors to De Morgan House (57-58 Russell Square, London, WC1B 4HS) should be aware that the premises are monitored by CCTV cameras.
When individuals apply to work at the LMS, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference, we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain anonymised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with the LMS, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with the LMS has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
People who call the LMS
When you call the LMS, we do not record our calls.
People who email the LMS
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
The LMS offers various services, products and activities to its members and the public. We use third parties to deal with some publication requests, but they are only allowed to use the information to send out the publications and/or set up online access.
We use a third party, SurveyMonkey.com, to deal with some event registrations and online surveys. For more information on how SurveyMonkey.com processes data, please see the privacy policy for SurveyMonkey.com
We may disclose personal information contained in grant applications and prize nominations to third parties for the purposes of obtaining confidential references.
We have to hold the details of the people who have requested a service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might send information about people who have registered for an event to the venue for the event so they know who is at the venue in case of an emergency.
When people do subscribe to our services or register for our events, they can cancel their subscription or registration at any time and are provided with an easy way of doing this.
The LMS tries to meet the highest standards when collecting, holding and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of the LMS’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address detailed in the “How to Contact Us” section of this document.