Privacy and Data Storage Policy

 

This privacy statement applies to all activities of the Oral History Society (OHS) and is intended to inform you about what personal data we retain, the lawful basis and legitimate interest for why we hold it, how we process the data and store it, and how you can access and update your data. 

There are many ways people interact with the OHS, including:

  • Browsing our website
  • Membership of the Society (renewed annually)
  • Submission of an article to Oral History Journal – which can lead to publication of the article in the journal
  • Contacting a member of the Regional Network
  • Membership of a Special Interest Group or other discussion group (such as Higher Education or Schools)
  • Attending an Oral History Society event, seminar or conference
  • Attending a training day run by the Oral History Society and National Life Stories at the British Library
  • Signing up to receive the Oral History Society e-newsletter

When you interact with the OHS in a manner which requires personal data to be stored you will now be asked to consent to the processing and retention of data as outlined in this privacy and data storage policy document, using the following wording:

I hereby consent that the Oral History Society can store, process and retain my personal data in order to pursue its aims, objectives and activities and provide services to Members and other users.  I understand that full details of how the Oral History Society stores and processes my data are stated in the ‘Privacy and Data Storage Policy’ at www.ohs.org.uk/privacy.

I understand that I may ask to see my personal data at any time, and request that it is amended or updated.  To make such an enquiry I will contact the Secretary of the Oral History Society: Rob Perks, Oral History, British Library, 96 Euston Road, London NW1 2DB.  Email: rob.perks@bl.uk

Where is my data published or used?

We use your personal data only in connection with the aims, objectives and activities of the OHS as detailed in its constitution [available here: http://www.ohs.org.uk/about/documents/]. 

We do not publish or otherwise share membership data outside our organisation. We do not publish contact details unless strictly agreed with you. We do not use your contact details to sell on or swap to outside agencies.

We do use contact details to send newsletters and other information about our activities where you have consented for us to do so.

We do publish correspondence and other data (such as FAQs, project and network reports) on our website, but it is clearly outlined at the point of submission that the data will be published. Data published on our website is in the public domain which means that any member of the public can view your published data.

We do not transfer personal data internationally.  If we decide to do so in the future we will contact affected individuals direct.  Any server for OHS secure data storage will be based in the UK/European Economic Area. 

How data is stored by the OHS

The OHS never passes on any personal data to third parties for any reason, other than to fulfil the services we provide to members and those using OHS services.

Where the OHS contracts a third party to fulfil a specific function (such as our subscription agents) this relationship is carefully managed by Trustees.  Assurance of the security of the data held by the third party is an essential part of the contract agreed between the two parties. 

The OHS (and any agents employed on the OHS’s behalf) take appropriate security measures to ensure that we keep your information accurate and up to date and we only keep it as long as is necessary. We will make every effort to protect your personal information but please be aware that no database or data is entirely secure, nor is the transmission of personal data via the internet.

All OHS Trustees and those undertaking a role for the OHS are all aware of the importance of data security and mindful of this when undertaking their roles for the OHS.  By 31 December 2018 the OHS will establish a secure cloud based storage system with password access to store any personal data.  All of those carrying out duties for the Society will be given access, if necessary, to selected areas of this storage system with appropriate password access.  Further training on data security will be delivered by spring 2019 for all OHS Trustees and those undertaking a role for the OHS. 

The OHS will, by 31 December 2018, appoint a Trustee as OHS Records and Data Protection Officer.  Part of the remit of this Trustee will be to oversee the smooth running of the Privacy and Data Storage Policy and to update this document as required. 

The archives of the Oral History Society itself are held by the British Library in its contemporary manuscripts department.  These are deposited with the British Library every 10 years, covering materials for a period where they are no longer current business records for the OHS. The next tranche of records will be deposited at the British Library in 2028, covering the material generated in the period 2010-2020.

What if there is a data breach?

In the event of a data breach a Trustee or representative of the Society will immediately report this occurrence to the OHS Records and Data Protection Officer (in the interim this will be an Officer of the OHS).  If this is a deemed a serious breach the OHS Records and Data Protection Officer will inform the Information Commissioner’s Office within 72 hours and take steps to contact the affected parties. 

How can I find out about any of my personal data held by the OHS? 

The General Data Protection Regulation (GDPR) states that individuals can access and request a copy of their personal data in order to check its accuracy and verify the lawfulness of the processing.  Individuals can apply for such information using a Subject Access Request.  More information regarding the procedure for making a Subject Access Request (SAR) can be found here (https://ico.org.uk/for-organisations/guide-to-data-protection/principle-6-rights/subject-access-request/  )

If you wish to make a SAR enquiry please contact the Secretary of the Society:-

Rob Perks

Oral History

British Library

96 Euston Road

London NW1 2DB

Email: rob.perks@bl.uk

What types of data do we collect and store?

The type and amount of information the OHS and our agents receive and store depends on how you interact with the OHS, use our website and engage in our various activities.  We address each type of interaction below:

1. Browsing our website

We do not store information about you if you simply visit our website. Our web server collects anonymous data on use of the website and its different sections. This provides us with valuable information for future changes to the website to make it a better experience for users.

Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

2. Membership of the Society (renewed annually)

Oral History Society membership is managed by Webscribe, the Society’s subscription agent.  Webscribe and the OHS hold the following details for each member in order to register your membership, supply you with a journal by post twice a year and ensure you receive member rates for training courses, events and conferences:

  • Your name
  • Your contact address (potentially including any institutional affiliation)
  • Your email address (if you have supplied it)
  • Your phone number (if you have supplied it)

Your membership data is stored on the secure data server of our subscription agents, Webscribe, who outline the terms and conditions here: (http://www.webscribe.co.uk/terms-and-conditions).  In order to comply with Charity Commission and HMRC regulations this data is stored for 7 years

**Financial data for Membership payments is stored by our subscription agents, Webscribe, and also the OHS Treasurer.  To administer membership subscriptions fees, Webscribe retains payment information as encrypted data on their server.  If paying by cheque the OHS stores cheques in a secure place until paid into our bank. The OHS Treasurer keeps any financial data securely and by December 2018 any of this data held electronically will be stored on the secure cloud based server with password access. This data is retained for seven years after the Membership ceases, which is a requirement of the Charity Commission and HMRC.**

Electronic access to Oral History Journal

  • JSTOR is a digital library of academic journals, books, and primary sources which holds and provides copies of all back issues of Oral History Journal. Access to the Journal without charge via JSTOR is a benefit of OHS Membership.  Webscribe issue each member with an OHS user name and password in order to grant you access to back issues of the journal via JSTOR.  JSTOR do not hold any personal details, as all contact with JSTOR is made through the OHS username and password, which cannot be traced back to you. 
  • In order to facilitate, maintain and update Members’ access to JSTOR, our subscription agents (Webscribe) and our website support company (Evoluted) have access to parts of the website which hold some elements of Members’ personal data. Assurance of the security of the data held by these third parties is an essential part of the contract agreed between the two parties and is carefully managed by Trustees. In addition, you can refer to Webscribe’s privacy policy here (http://www.webscribe.co.uk/terms-and-conditions) and Evoluted’s here: (https://www.evoluted.net/privacy-policy).

Gift Aid

The OHS also uses membership data to claim Gift Aid. We only do this if you have consented to us making a claim on your behalf.  Data for Gift Aid payments is stored by our subscription agents and also an appointed OHS Trustee – who keeps the data securely.  By December 2018 this data will be held by the Trustee using the secure cloud based server with password access. This data is retained for 7 years after the permission to claim Gift Aid ceases to apply, which is a requirement of the Charity Commission and HMRC.

Oral History Society Regional Network

Members of the OHS Regional Network occasionally wish to contact members in a specific area to inform them of events or locally-relevant news.  In order to activate such a mailing, this is coordinated by Regional Network Coordinator and Deputy Coordinator (both Trustees).  All emails are sent via a method which does not disclose the personal details of any of the recipients. 

3. Submission of an article to Oral History Journal – which can lead to publication of the article in the journal

What personal data do we hold?

  • Your name
  • Your email
  • Your postal address, including institutional affiliation if relevant
  • Your phone number (if supplied)
  • Your draft article
  • For published articles there is signed author agreement

This data is managed by the OHS Journal Administrator, who is overseen by the Editorial Board.  All articles and personal details are stored securely.  By December 2018 this data will be stored using the secure cloud based server with password access. 

  • Authors whose article is published will fill in an author permission form prior to publication, clarifying the copyright(s) and terms of publication. Personal details recorded in the author permission form are kept in perpetuity as this form is a legal document. 
  • For authors whose articles have been rejected outright by the Editorial Board, the draft article and personal data will be deleted two years after the date of rejection by the Editorial Board.
  • Some authors are asked by the Editorial Board to rewrite and resubmit their article. If the article is resubmitted, the draft article and personal data about the author will be dealt with in line with the procedure for publication or rejection outlined above.  The draft article and data will be kept for a period of five years after the decision by the Editorial Board to ask for revision and resubmission.  After a period of five years the Editorial Board will deem that the author does not wish to resubmit and the draft article and data will be deleted.

4. Contacting a member of the Regional Network

Members of the OHS Regional Network are often contacted by both OHS members and non-members seeking advice and information.  If you contact a member of the OHS Regional Network with a query, they will only retain your personal data for as long as it is necessary for the purposes of helping with your enquiry. 

5. Membership of a Special Interest Group

When a person joins a Special Interest Group they also need to join the OHS if they are not already a member. 

What personal data do we hold?

  • Your name
  • Your email
  • Your postal address, including institutional affiliation if relevant
  • Your phone number (if supplied)
  • A short biography (if supplied)

Personal data held by the SIG is stored securely by the SIG convenor.  By December 2018 this data will be stored using the secure cloud based server with password access.  The SIG convenor will hold this personal data for no longer than 6 months after you leave a SIG. 

6. Attending an Oral History Society event, seminar or conference

What personal data do we hold?

  • Your name
  • Your email address
  • Your contact address, including institutional affiliation if relevant (if supplied)
  • Your phone number (if supplied)

Data is used purely for purposes of conference or event administration.  Personal data is held on the secure OHS storage system and is destroyed at the end of the subsequent financial year. 

**Electronic payments are made through WorldPay via a secure account and no identifiable financial details (such as a bank account number or credit card number) are retained by the OHS. Payments by cheque or BACS transfer are processed by the OHS Treasurer.  If paying by cheque the OHS stores the cheques in a secure place until paid into our bank.  The OHS Treasurer keeps any financial data securely and by December 2018 any of this data held electronically will be stored on the secure cloud based server with password access. This data is retained for seven years after the end of the financial year for the conference or event, which is a requirement of the Charity Commission and HMRC.**

7. Attending a training day run by the Oral History Society and National Life Stories at the British Library

What personal data the Oral History Society and National Life Stories hold?

  • Your name
  • Your contact address
  • Your email address
  • Your phone number
  • Stated reasons for attending a course

This data is collated by National Life Stories and is held by the British Library in accordance with the British Library’s privacy policy (http://www.bl.uk/aboutus/terms/privacy/].  The Oral History Society/British Library Training Liaison Group from time to time (and from May 2018 with express permission) will contact previous trainees to inform them of upcoming courses and relevant events.

**All payments are made through National Life Stories at the British Library:

  • Payments made through PayPal are made via a PayPal account, credit or debit card. No identifiable financial details (such as a bank account number or credit card number) are retained by National Life Stories at the British Library.
  • Those requesting invoices can pay via cheque or BACS transfer. If paying by cheque National Life Stories stores the cheques in a secure place until paid into our bank.

Any identifiable financial details (such as a bank account number and sort code) are retained by National Life Stories for 7 years which is a requirement of the Charity Commission, Companies House and HMRC.**

8. Signing up to receive the Oral History Society e-newsletter

What personal data do we hold?

  • Your name
  • Your email address
  • If you are a member of the OHS
  • The region in which you live – if specified
  • If you have any subjects within oral history in which you are interested – if specified

This data is stored in a database administered and stored securely by the OHS Publicity Officer (Trustee) using the provider Mailchimp.  All emails are sent via a secure mail out via Mailchimp.  Mailchimp is GDPR compliant: https://mailchimp.com/legal/privacy/.  An individual can request that they be removed from the e-newsletter by clicking on the ‘unsubscribe’ button shown on each mail out.  Once clicked, the individual can then complete the steps to remove their data from the active mailing list held by Mailchimp.  The OHS Publicity Officer will then permanently delete the individual’s personal data from the e-newsletter database.

—-

OHS Privacy and Data Storage Policy v.1.0 (23 May 2018)

Authored by Mary Stewart and Robert Wilkinson and agreed by the Oral History Society Officers Nick Chalmers, John Gabriel, Rob Perks and Beth Thomas