WEBSITE PRIVACY NOTICE
This Privacy Notice is provided by Oxford Abstracts ("Oxford Abstracts", "we" or "us"). We are a "controller" for the purposes of the UK General Data Protection Regulation incorporated by the UK's Data Protection Act 2018 (collectively referred to as the "Data Protection Laws") except for where you are submitting an abstract to an event organiser, in which case we are a "processor" and the "controller" (who is responsible for processing of your data under the Data Protection Laws) is the organiser of the event.
We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.
This Privacy Notice applies when you visit or interact with our website at https://app.oxfordabstracts.com/ or when you contact us to enquire or give feedback about our services.
How to Contact us
If you have any questions about this Privacy Notice, how we handle your personal data, or would like to exercise any of your rights, please contact:
|Address:||Oxford Abstracts Limited, Silicon Croft, Saltacre, Acharacle PH36 4LP|
What personal data we collect as controller and what we use it for:
Direct interactions: You provide us with your personal data (including name, e-mail address, billing address or payment information) to register for our services. This also includes personal data you provide when you send us an enquiry, give us feedback or contact us. Users who sign up for a free account (e.g. submitters, reviewers, committee members and delegates) are not required to provide any payment details on registration but may be required to provide payment details if they purchase conference tickets.
The information is not shared with or sold to other organisations for commercial purposes, except:
- to provide services you’ve requested;
- when we have your permission;
- when it is necessary in order to investigate, prevent, or take action regarding illegal activities, violations of Oxford Abstracts' Terms of Service, or as otherwise required by law; or
- if Oxford Abstracts is acquired by or merged with another company.
What personal data we collect as processor and what we use it for:
We collect abstracts (including authors' details) submitted for events on behalf of the event organiser in order to collate them. We do this under our contract with the event organiser.
If you submit to an event, the event organiser may ask for additional personal data about you or other persons related to your submission as part of the submission process. It is the event organiser’s responsibility to ensure they process any data collected from submitters in line with all relevant data laws and regulations. Submitters should ensure they have permission from all persons mentioned in their submission prior to including it in a submission or communication.
Event organisers may extract personal data and process it further. We take no responsibility for any processing done outside our systems other than by the third parties who we instruct. Any questions regarding the processing of personal data by event organisers should be directed to them directly.
Why Do We Process Your Personal Data?
|Why do we do it?||Lawful Basis for Processing|
|To register you as a user and provide you with access to our products and services,||Performance of a Contract|
|To identify you and provide you with a secure means of logging into your account,||Legitimate Interests|
|To send you quotes and invoices for our products and services,||Performance of a Contract|
|So we can contact you in relation to products and services or events you are involved with||Performance of a Contract|
|So we can enhance, modify, personalise or otherwise improve our services/communications for the benefit of our clients and users,||Legitimate Interests|
|To collect feedback on our products and services,||Legitimate Interests|
|To enhance the security of our systems,||Legitimate Interests|
|To better understand how people interact with our website and systems||Consent|
|To provide administrative, operational or technical communications.||Performance of a Contract|
|To send you our newsletter if you have signed up to receive it. If you have previously signed up to receive our newsletter or otherwise agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by clicking on the ‘unsubscribe’ link in any email you receive from us.||Consent. You may change your mind at any time by clicking on the ‘unsubscribe’ link in any email you receive from us.|
How is processing your personal data lawful:
We are allowed to process your personal data based on the following legal bases for the purposes explained in this Website Privacy Notice:
Legitimate interests - We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table in the previous section "Why do we process your personal data" explains the personal data processed on this basis.
You can object to processing that we carry out on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.
Performance of a contract – It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract.
Consent - Sometimes we want to use your personal data in a way that is entirely optional for you, such as when you give consent for us to place cookies on your device. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.
Retention and deletion of your personal data:
We only retain your personal data for as long as we need it by law. We will store conference data for at least a year after the conference start date unless the customer deletes the event. This allows customers to look back at a previous year's conference when setting up a new conference. The following categories of personal data will be kept for the following periods and will be securely deleted/destroyed after the expiry of the retention period:
|Data we process||How long this will be held for|
|Name||For a period of up to 6 years after termination of the contract for Oxford Abstracts' services|
|Email address||For a period of up to 6 years after termination of the contract for Oxford Abstracts' services|
|Billing address or payment information||For a period of up to 6 years after termination of the contract for Oxford Abstracts' services|
As a UK data subject, you have the following legal rights under the Data Protection Laws in relation to your personal data. You can exercise these rights free of charge, by contacting us (please see "How to contact us"). We will respond to any rights that you exercise within a month of receiving the request unless the request is particularly complex, in which case we will respond within three months.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Please be aware that there are exceptions and exemptions that apply to some of these rights, which we will apply in accordance with the Data Protection Laws.
|YOUR DATA PROTECTION RIGHTS|
|1. Right of access to a copy of personal data we hold about you.|
|2. Right to contact us and have the information we hold about you corrected if it is inaccurate or incomplete.|
|3. Right to request the deletion or removal of information we hold about you.|
|4. Right to restrict processing to suppress further use of information we hold about you.|
|5. Right to object to certain types of processing including processing based on our legitimate interests and processing for direct marketing.|
|6. Right to withdraw consent at any time for anything we do with the personal data we hold about you.|
You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Organisations that we may share your data with:
We use service providers to support our website, our software, our accounts and our CRM. Some of these service providers will process your data as part of the services they offer to us. We take steps to ensure that our service providers treat your data in accordance with the law, only use it in accordance with our contract with them and keep it secure. We have listed our main service providers below.
Oxford Abstracts uses a third party service to help maintain the security and performance of the Oxford Abstracts website. To deliver this service it processes the IP addresses of visitors to the Oxford Abstracts website.
Our software is hosted by Amazon Web Services (AWS) on servers based in the UK. For more information about how Amazon Web Services processes data, please see AWS’s data privacy information.
Our in-system emails are managed using Postmark. For more information about how Postmark processes data, please see Postmark’s EU privacy summary.
We use a third party service, Quickbooks, to manage our accounts, billing and payroll, which is run by Intuit UK. For more information about how Quickbooks processes data, please see Intuit’s data security information.
We use a third party service, Hubspot.com, to manage our sales, support and marketing, which is run by Hubspot. For more information about how Hubspot processes data, please see Hubspot's security overview.
Third Party Providers
We may share data with other third party providers on occasion to provide additional services. This will be done at the request of a client or with their consent. Only relevant data will be shared. Clients may grant third parties access to data held in our systems. We take no responsibility for any processing done by third parties granted access to data in our system by our clients. Any questions regarding the processing of personal data by our clients or third parties enlisted to process data on their behalf should be directed to them using the contact details provided for the event(s) in question.
Organisations who process your data as controllers
We use third party payment providers that you can use to make payments to attend conferences and access our services. You should check their policies to see how they handle your data.
The latest version of the Privacy Notice can be found on our website. Oxford Abstracts may periodically update this policy. We will notify you about significant changes in the way we treat personal information by sending a notice to the primary email address specified in your Oxford Abstracts account or by placing a prominent notice on our site.
Complaints to the Regulator
It is important that you ensure you have read this Privacy Notice. If you do not think that we have processed your data in accordance with this Privacy Notice, you should let us know as soon as possible. You also have the right to complain to the Information Commissioner's Office (ICO). Information about how to do this is available on its website at www.ico.org.uk.