Our Privacy Notice, Membership Terms and Legitimate Interests
Privacy Notice
What is this Privacy Notice for?
This privacy notice is for this website www.pvrinstitute.org and served by the Pulmonary Vascular Research Institute (PVRI) and governs the privacy of its users who choose to use it. The notice sets out the different areas where user privacy is concerned and outlines the obligations and requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this notice.
The Website
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements and all handling of your personal data is done in compliance with the General Data Protection Regulation (EU) 2016/679.
What are your rights?
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:
- The right to be informed of how your Personal Data is used (through this notice);
- The right to access any personal data held about you;
- The right to withdraw consent at any time, by contacting admin@pvrinstitute.org or following the method outlined in the Use of Cookies section;
- The right to rectify any inaccurate or incomplete personal data held about you;
- The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy, or where you have withdrawn consent;
- The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
- The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.
Who is the Data Controller?
For user of this website, where we have collected your personal data directly from you, we, The Pulmonary Vascular Research Institute, a registered charity in the United Kingdom (Charity No: 1127115) and private limited company registered in the United Kingdom (5780068) with the registered address of 33 St George's Place, Canterbury, Kent, CT1 1UT + 44(0)1227 787 972, are the Data Controller. Our Data Protection Lead is the PVRI Chief Executive. If you have any further questions around your data, please email dataprotection@pvrinstitute.org
Why are we processing your data?
Use of Cookies
This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their device. This complies with legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user's device. Cookies are small files saved to the user's device that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their device, they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors. This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. Use of Google Analytics is conducted in accordance with Google's privacy policy: http://www.google.com/privacy.html. Other cookies may be stored to your device by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information, other than your pseudonymised identifier, is stored, saved or collected. You can exercise any of your rights (outlined above) in relation to our use of cookies. This processing is conducted lawfully on the basis of article 6, section 1, sub-section f – ‘our legitimate interests’.
Contact & Communication
Users contacting this website and/or its owners do so at their own discretion and provide any such personal details in acknowledgement of the risks inherent in transferring data over the internet. This website and its owners use any information submitted to provide you with further information about our work and the products/services we offer, or to assist you in answering any questions or queries you may have submitted. Your details are processed by the Third Parties noted below only for the purposes outlined. Every effort has been made to ensure a safe and secure form for email submission, but we advise users that no form of internet communication is 100% secure, and that you use this feature at your own risk. The data we collect for contacting you through our website will include your name, email address and any other personal data included within the content of your message. This processing is conducted lawfully on the basis of article 6, section 1, sub-section f – ‘our legitimate interests’.
Email Newsletter
This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user. Subscriptions are also taken in compliance with the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the General Data Protection Regulation. No personal details are passed on to third parties nor shared with companies/people outside of the company that operates this website. Email marketing campaigns published by this website or its owners contain tracking facilities within the actual email using Microsoft Dynamics unique URLs integrated with the bespoke PVRI CRM to analyse the effectiveness of email content. This data is stored on encrypted servers, accessible only to the PVRI and, upon explicit consent, to our CRM providers ‘Infinity Group The Coach House, Spencer Mews , Tunbridge Wells, Kent, TN1 2PY’ , when needed for troubleshooting. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity. This information is used to refine future email campaigns and supply the user with more relevant content based around their activity. In compliance with the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will by detailed instead. This processing is conducted lawfully on the basis of article 6, section 1, sub-section a – ‘your consent’.
Memberships
When joining the PVRI as a member, you will be asked to provide:
a) Your name;
b) Email address;
c) Institution details
d) Job title (details of professional capacity).
Your details are not passed on to any third parties outside our membership network, however we do share details with other members through the Members Directory. Sharing data is automated upon ticking the appropriate box to share data through the PVRI open directory.
This processing is conducted lawfully on the basis of article 6, section 1, sub-section a – ‘your consent’.
What are the PVRI’s ‘legitimate interests’?
The PVRI’s legitimate interests are its business needs balanced against the rights and freedoms of all individuals affected by that need. It is conducted by the PVRI Council / Board of Directors and incorporates considerations of the risks present in our processing, your likely response to those risks (unless you inform us of your actual considerations) and what benefits you are likely to receive from our processing.
Our use of cookies is based on our legitimate interest in analysing how our website is used, both for security and business reasons, and using that information to make our service more secure and better for you to use. Your objection to use using cookie data in this way (as outlined in the section above) will nullify our legitimate interest in processing your personal data only.
Our processing of your personal data in response to communications initiated by you is based on our legitimate interest in responding to inquiries or suggestions about our organisation and the corresponding benefit you will receive in our response.
For more information about the PVRI’s legitimate interests, please read:
Who else will receive your personal data?
All members have access to the names and contact details of other members for the purpose of co-operation and communication across our network. When joining the PVRI network, your membership information will, with your consent (see above), be visible to all other members and you will be able to see others membership information, including personal data, through the Members Directory.
The following organisations also process your personal data on our behalf. This relationship is governed by a contractual relationship that operates in accordance with the GDPR.
Third Party Organisation |
Purposes for Carrying Out Processing |
Sub-processors |
Infinity group Spencer Mews, The Coach House, Camden Rd, Tunbridge Wells TN1 2PY |
Database hosting on encrypted servers. Access to data is given on a per request basis for troubleshooting technical errors with performance of database. |
None |
Sagittarius Marketing Ltd. 36 High Street, Ashford, Kent, TN24 8TE, United Kingdom |
Staging website hosting on encrypted servers. Access to data is given on a per request basis for troubleshooting technical errors with the PVRI live & staging website. |
None |
Warren IT Services Unit 12, The Glenmore Centre Shearway Business Park, Pent Rd, Folkestone CT19 4RJ |
General IT support with access to PVRI in-house servers. Access to servers is given on a per request basis for troubleshooting technical errors with performance of the servers. |
None |
GoDaddy* Corporate Headquarters 14455 N. Hayden Rd., Ste. 226 |
Live website hosting on encrypted servers. Access to data is given on a per request basis for troubleshooting technical errors with the PVRI live website. |
None |
Microsoft Dynamics CRM 1065 La Avenida Mountain View, CA, USA 94043 |
Provide tracking facilities analyse the effectiveness of email content. |
None |
Google Analytics 1600 Amphitheatre Parkway Mountain View, CA 94043 United States |
Tracking visitor usage to monitor the effectiveness of the website and our overall impact worldwide. |
None |
Yes. The PVRI is a worldwide network and members’ data are shared across the network. Of the organisations noted above as operating outside of the EU, the following applies:
Third Party Organisation |
Country of Operation |
Contractual Safeguards Existing |
GoDaddy Corporate Headquarters 14455 N. Hayden Rd., Ste. 226 |
United States of America |
https://uk.godaddy.com/agreements/ShowDoc.aspx |
Microsoft Dynamics CRM 1065 La AvenidaMountain View, CA, USA94043 |
United States of America |
https://www.microsoft.com/EN-US/privacystatement/DynamicsCRMOnline/Default.aspx |
Google Analytics 1600 Amphitheatre Parkway Mountain View, CA 94043 United States |
United States of America |
https://support.google.com/analytics/answer/6004245?hl=en |
For a full list of PVRI suppliers, and how our relationship is managed please see here:
https://pvrinstitute.org/media/6018/gdpr-business-relationship-compliance.xlsx
How long will your personal data be kept?
The PVRI holds different categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount of personal data that we hold, as detailed below, or, where suppression of email newsletter has been requested, to include only your email address.
Where ‘consent’ is the basis for our lawful processing of your data, we will retain your data so long as both the purpose for which it was collected and your consent are still valid. We will review the status of your consent should the purpose for which the data was collected change and treat non-response to any requests for renewal of consent made by us as if they were your request to withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your personal data that has been obtained by consent. If we do, we will inform you that we intend to retain it under these conditions and identify the interest specifically.
Where we process your data on the basis of ‘legitimate interests’, we will retain your data for so long as the purpose for which it is processed remains active. We review the status of our legitimate interests every thirty (30) days and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.
Who can you complain to?
In addition to sending us your complaints directly at admin@pvrinstitute.org send complaints to our supervisory authority. As the PVRI predominantly handles the personal data of UK nationals and is based within the UK, our supervisory authority is the Information Commissioner’s Office. If you believe that we have failed in our compliance with data protection legislation, complaints to this authority can be made by visiting https://ico.org.uk/concerns/.
What profiling does the PVRI perform?
None, the PVRI does not perform any profiling of visitors to this website or its members.
External Links
Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner/image links to other websites, similar to; www.loginrailwaystation.co.uk or Bed & Breakfast Pembrokeshire.) The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Adverts and Sponsored Links
This website may contain sponsored links and adverts. These will typically be served through our advertising partners, whom may have detailed privacy policies relating directly to the adverts they serve. Clicking on any such adverts will send you to the advertiser’s website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may in turn be saved on your device. Users should therefore note that they click on sponsored external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively. Users are advised to use social media platforms wisely and communicate/engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email. This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account. The PVRI does not collect any personal data from social media profiles used in tandem with this website.
Shortened Links in Social Media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo). Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
2018 Edited & customised by:
The Pulmonary Vascular Research Institute is a registered charity in the United Kingdom (Charity No: 1127115). A private limited company. Registered company in the United Kingdom (5780068). Registered address in the UK: 33 St George's Place, Canterbury, Kent, CT1 1UT + 44(0)1227 787 972. The Pulmonary Vascular Research Institute is registered in the United States of America as a not-for-profit organisation (501c3) in the State of Illinois (IN26: 0420959). Registered address in the USA: 3621 Grove Street, Skokie, Illinois 60076-1901.
Membership Terms and Conditions
This agreement is made between the Pulmonary Vascular Research Institute (“PVRI”) whose registered address is at 33 St George’s Place, Canterbury, Kent, CT1 1UT, United Kingdom, with registered company number 5780068 and registered charity number 1127115 and the PVRI member named in the registration form (“You”, “Your”) for the provision of membership to the PVRI and to dictate the handling of Personal Data shared as benefit of our membership network.
As a member of the PVRI, You have access to the PVRI membership network directory. This is a database containing the Personal Data of other PVRI members who have opted to share their information across the network.
The purpose for which all members share their data is so that all members are able to discover and communicate with other members who share the PVRI’s aims and goals of reducing the global burden of pulmonary vascular disease within the next two decades through global collaboration striving for excellence in clinical care, research and education in PVD; in order that together, we might achieve those goals (the “PVRI Purpose”).
In order to achieve compliance with the Data Protection Legislation being implemented in the European Union, the PVRI has implemented Terms of Data Sharing (below) across its entire network (whether You are an EU citizen/resident, or not).
Membership Terms
- Membership is open to anyone with an active research and / or educational interest in pulmonary vascular disease and related fields. As soon as you have entered your details and completed payment, you will have immediate access to:
- All of our digital learning content
- The PVRI membership network directory
- Collated PC Journal Articles
- PVRI Digital Clinic
- Discounted rates for our events
- Opportunity to engage with Task Forces and associated activities
- Free registration to PVRI ‘Get-together’ events
Terms of Data Sharing
- The Personal Data being shared under this agreement includes:
- Identity Data;
- Contact Data; and
- Profile Data.
- Whenever you acquire Personal Data from the PVRI membership network directory, you MUST notify the individual whose Personal Data you have acquired before or at the time that you first use it for the PVRI Purpose, or, at the latest, within thirty (30) days of acquiring it.
- In notifying the individual whose Personal Data you have acquired, You must clearly:
- identify Yourself and Your organisation (where you have acquired the Personal Data as part of your profession);
- describe where You have acquired the Personal Data (i.e. the PVRI membership network directory);
- explain Your intentions for using their Personal Data;
- highlight the fact that their Personal Data might be retained by You after the termination of their membership with the PVRI, should You extend Your use of Personal Data beyond the PVRI Purpose (see clause 5);
- notify the individual has a right to refuse You permission to use their Personal Data for any purpose (including but not limited to the PVRI Purpose), as well as their other rights arising under Data Protection Legislation – see the PVRI Privacy Notice for information about individual rights arising under Data Protection Legislation.
- If you reside outside of the EEA, or are dealing with the Personal Data of individuals located outside of the EEA, in addition to Your obligations arising under, and highlighted within, these terms and conditions, You must observe any local laws, regulations and practices relating to data privacy as applicable (“Local Laws”). The PVRI is not able to provide any legal advice regarding Data Protection Legislation or any other equivalent overseas laws.
5. By acquiring the Personal Data of a PVRI member, you become a Data Controller of that Personal Data, with regard to Data Protection Legislation. This means that Personal Data has been shared with you with consent of a PVRI member (the Data Subject) for its use in respect of the PVRI Purpose only. You are able to determine any additional purposes for which you wish to use the Personal Data. Your ability to make such decisions is governed by Data Protection Legislation and Local Laws, as applicable. The PVRI recommends that you take legal advice before using Personal Data for any reason other than the PVRI Purpose.
6. As a condition of membership, the PVRI requires that all members using Personal Data acquired from the PVRI membership network directory observe good practice in developing and maintaining professional relationships across the network. As such, members are expressly prohibited from using Personal Data in any of the following ways:
- to send explicit, offensive, slanderous or libellous material; and
- to send excessive levels of correspondence that could be construed as spam or harassment
7. All members who acquire Personal Data from the PVRI membership network directory are required:
- not to disclose or allow access to the Personal Data You have acquired, including by storing it on a system not controlled by you (for example, a hosted or cloud-based solution), without appropriate legal assurances and safeguards in place;
- to ensure that You have in place appropriate technical and organisational measures, open to review and approval by the PVRI, to protect against unauthorised or unlawful processing of Personal Data, and against any other loss, destruction or damage;
- to notify the PVRI without undue delay as soon as You become aware of any breaches of Data Protection Legislation and/or Local Laws;
- to inform the PVRI of any subject access requests You receive in relation to PVRI member data you have acquired, and not to respond to such requests before consulting the PVRI;
- to assist the PVRI, at Your cost, in responding to subject access requests or investigating data security issues, making breach notifications, performing impact assessments or complying with consultations or audits from regulatory authorities;
- to delete or return any shared Personal Data at the written direction of the PVRI, or on the termination of Your membership, unless You have acquired Your own bases for use as described in clause 5, or as required otherwise by law; and
- maintain complete and accurate records of all Personal Data that You hold and make such records available for inspection by the PVRI or the relevant regulatory authority.
- If the PVRI becomes aware of, or has reason to believe that You are using Personal Data in any of the ways noted in clause 6, in breach of the provision in clause 7, or in any other way that contravenes the obligations imposed on a Data Controller by Data Protection Legislation or applicable Local Law, Your membership will be revoked without refund. Additionally, where appropriate, the PVRI might report illegitimate activity to the relevant regulatory authority, and/or comply with any investigation by such a body.
- If You are located outside of the EEA, your acquisition of Personal Data from the PVRI membership network directory is also subject to the ‘Standard contractual clauses for the transfer of personal data from the EEA to third countries (controller to controller transfers)’ SET II, attached below and requiring signature before accessing the PVRI membership network directory.
- In agreeing to these terms and conditions and acquiring Personal Data from the PVRI membership network directory, You hereby indemnify the PVRI against all liabilities, costs, expenses, damages and losses (including, but not limited to any direct, indirect or inconsequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs and all other reasonable professional costs and expenses incurred by You) arising out of, or in connection with, the breach of Data Protection Legislation by You to maximum extent permitted by law.
General
These Terms and Conditions are governed by the laws of England and Wales and subject to the Courts of England, other than for UK residents, who may request a hearing within their local jurisdiction.
Definitions
Data Protection Legislation means all applicable laws and regulations relating to the processing of Personal Data and privacy including the Data Protection Act 1998, the General Data Protection Regulation 2016/679 (“GDPR”), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any statutory instrument, order, rule or regulation made thereunder, as from time to time amended, extended, re-enacted or consolidated.
The terms “Personal Data”, “Special Categories of Personal Data”, “Data Controller”, “Data Processor”, “Data Subject”, “Data Protection Officer” and “process” (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation.
Identity Data includes Personal Data such as names, usernames or similar; marital status; title; date of birth; sex and gender.
Contact Data includes Personal Data such as addresses; email addresses and telephone numbers.
Profile Data such as interests; preferences; feedback and responses to surveys, blogs and messages.
All other terms are defined in brackets the first time that they are used.