Data protection policy
Who we are:
SCNP (Scandinavian College of Neuropsychopharmacology) is the leading psychopharmacology organisation in the Nordic countries, Sweden, Norway, Denmark, Iceland and Finland. Its mission is to promote research and education in neuropsychopharmacology. It also provides advice on all aspects of neuro-psychiatric drugs. Through these activities it seeks to advance research thus leading to improved patient care. We are registered as a non-profit organization in Denmark (Registration DK32214339).
Why we collect data:
We collect, store and process personal data of SCNP members for the purposes of membership benefits (e.g. full text access to the SCNP journal). We only collect data to give you a better experience; to improve and deliver the membership services to you.
How we use personal data:
We use personal data to fulfill the membership benefits to our members. Personal data of individuals who we provide services for is used to maintain our relationship and to deliver our membership benefits.
What personal data do we collect?
- Members and attendees on our congress/workshops: we collect personal data (name, contact details, job title, organisation) for the purposes of fulfilling our services.
- We collect emails and names from people subscribing to our mailing list.
- We do not process personal details to third parties apart as part of the membership experience, cf. below
We use standard Typo3 statistics which record visitor numbers and their country of origin.
Our legal process for processing personal data
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, organisations are required to have a legal basis for processing personal data. The legal bases we use for processing data are:
- Legitimate interests for the purposes of fulfilling our activities.
- Legal obligations for the purposes of fulfilling our statutory purpose.
- Consent when people opt into our mailing list.
How long do we keep data?
We store and retain personal data for various periods of time in line with our legal obligations and internal requirements. Typically, we will delete personal data collected during project work such as rights clearance after 6 months. We have a Data Retention Policy to ensure that your data is not held for longer than is necessary. Membership data is stored as long as the member is member.
How we keep data secure
We have robust processes, procedures, and agreements in place to ensure secure collection, storage and processing of personal data. Only authorised employees, have access to personal data we hold.
Personal data is stored securely on our online database, whose tools we use to process data.
International transfer of data
Your information is held securely in Germany. We ensure that sufficient safeguards, contracts/agreements are in place to protect personal data and that all parties comply with the requirements of GDPR and the Data Protection Act 2018.
Who we share data with:
In line with our activities we share personal data with third parties who process our data for the purposes of providing services to you, such as email providers, digital file storage providers, those processing credit card payments, our online invoicing system and Mailchimp. Finally, we will share data with the appropriate authorities (e.g. police, law enforcement agencies and other parties) where we have a legal obligation. For example, for the detection and prevention of fraud, or where data is required in relation to a criminal offence.
We do not sell or share data with any other third parties other than those listed above and where we use a third party to securely process our data on our behalf.
Under the GDPR and the Data Protection Act 2018, you have the following rights:
- Right to be informed. This Policy provides you with information in relation to how your data is processed. This ensures that we are transparent about what we will do with the information you supply to us.
- Right to object to the processing that is likely to cause you damage or distress. Where you challenge the accuracy or lawful processing of your information, we will consider this.
- Right to receive an electronic copy of any information you have consented to us holding. You can ask us to provide you with the personal data about you we hold, securely and in a machine-readable format, so it can be moved, copied or transferred to be used across different services or for you to give to another organisation. This is called a subject access request and we will need to verify your identity before giving such information.
- Rights related to automated decision making. If there is additional profiling based on the information we hold, then you can object to us making decisions about you based on such processing.
Links to other websites:
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
If we are unable to resolve your complaint, you also have the right to complain to the Data Protection Agency if you feel that your data had been processed in a way that is not compliant with this policy or in line with the GDPR and the Data Protection Act 2018. You can contact the Data Protection Agency by visiting their website, https://www.datatilsynet.dk/english/
Notification of Changes:
We keep this Policy under regular review and will update this page. You should check this page from time to time to ensure that you are aware of any changes.
Last updated: January 2020