Data protection policy
Our goal is to make sure that we meet the requirements of the Data Protection Act (1998) by complying with the eight principles outlined by the Information Commissioner's Office, namely:
- Personal data shall be processed fairly and lawfully.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
OUPS only collects the minimum amount of information required to transact fully with our customers, both OUPS members and non-members. This includes contact information so that we can, for example, let you know if we need to make any changes to planned events or send newsletters by post. We may also use anonymised information, such as postcodes without any associated name or address information, to help us identify the most convenient locations in which to hold events. We do not provide any information to third parties.
Currency of information
We do not attempt to keep the information you give us up to date, but if you are registered on our website you can update your contact information at any time.
Payment Card information
We do not ask for credit or debit card details on our website or store any payment information online. Purchases using payment cards may be made by placing an online order and then calling our Business Administrator to complete the transaction by phone. We do not retain payment card details once your card issuer has authorised your payment request.
OUPS is a Payment Card Industry Data Security Standard (PCI DSS) compliant merchant, assessed and validated annually by SecurityMetrics, a Visa and Mastercard accredited PCI DSS assessor.
We also treat data security very seriously. The operating systems and system software for all systems holding personal data are maintained at no less than the latest released version minus 1; where critical security patches are released, these are tested and installed as quickly as possible.
The connection between your browser and our website is securely encrypted to prevent information that you enter on our website from being intercepted by third parties.
Data subject requests
We will respond to any requests from OUPS customers who want to know what information we hold about them, though this is available online under the "My account" menu item on the website.
Nominated Data Protection Officer
OUPS has a nominated Data Compliance Officer (DCO) who is responsible for data protection compliance and who acts as the main contact for all data protection issues. The responsibilities of this post also include ensuring that all staff are made aware of good practice in data protection and advising them if they have any related queries in respect of our data protection obligations and processes.
The DCO also handles external queries about data protection and regularly reviews data protection procedures and guidelines within the organisation to make sure we are maintaining a position in line with current legislation.