This privacy notice tells you what to expect us to do with your personal data when you make contact with us or use one of our services.
- Key Definitions.
- Who We Are?
- How can you contact us?
- Who is affected by our processing? (categories of individuals)
- What Categories of Personal Data do we process?
- Why do we process personal data (purposes)?
- What Legal Bases do we use to process data?.
- Who do we share your data with?
- When do we transfer personal data to third countries and what safeguards do we use?
- How long do we hold data for?
- What are your rights under GDPR?
- Where do we source personal data (including publicly accessible sources)?
- When do we have to process data to fulfil a contractual or statutory obligation? And what are the consequences if you do not provide the data?
- When do we use automated decision-making, including profiling? How are the decisions made and what are the significant consequences?
- Complaints or Queries.
- Any reference to ‘We’, ‘Us’ and ‘Our’ is to The London Mathematical Society as an organisation.
- Any reference to ‘You’ and ‘Your’ is to you as an individual data subject.
- Any reference to ‘Our websites’ is to websites available within lms.ac.uk and www.demorganhouse.co.uk
Personal data - Any information about you as a living individual from which you can be identified (e.g. a name, photographs, videos, email address, or address) either by the information alone or in conjunction with any other information.
Data Subject – You as the living individual whose personal data is processed.
Processing – The ways in which personal data is used by the London Mathematical Society, including collection, storage, disclosure and destruction/deletion.
Data Controller – The London Mathematical Society, which is the organisation responsible for deciding how personal data is processed.
Data Processor – Any organisation, which processes personal data on behalf of the London Mathematical Society.
Privacy Notice - This Privacy Notice sets out details of the personal data that we will collect about you and how we will process your personal data.
The London Mathematical Society (LMS), a registered UK Charity (no. 252660), is the UK’s learned society for mathematics. Its purpose is the advancement, dissemination and promotion of mathematical knowledge, both nationally and internationally. The LMS is registered with the Information Commissioner’s Office (Reg no: Z6256165). The Society’s Data Protection Officer is the Executive Secretary.
If you want to contact the Data Protection Officer, you can email us or write to: Data Protection Officer, London Mathematical Society, De Morgan House, 57-58 Russell Square, London WC1B 4HS
- LMS Members
- LMS Employees
- LMS Mathematical Sciences Directory members
- People use LMS products, services and activities
- People who contact the LMS
- LMS Publications – Authors (and co-authors), referees, editors, editorial advisers
- De Morgan House Clients (internal and external)
- Visitors to De Morgan House
- Website Users and visitors
Please note this list is current as of May 2018 and will be updated when the Privacy Notice is reviewed as the business of the LMS evolves and changes.
We process the following types of personal data listed below. However, we do not process all types of personal data for everyone. We process specific types of personal data for particular purposes e.g. we will collect and process National Insurance numbers from employees and trustees to meet our legal obligations.
- Personal details – name, date of birth, gender, National Insurance numbers.
- Contact details – address, email address, telephone number, fax number, emergency contact details
- Financial details – bank account details, card payment details, tax details,
- Employment details – CVs, current and previous employers, references, salary details
- Education and Training details – Qualifications (professional and academic)
- Images – CCTV, photographs
- IP addresses – collected via Cookies
Special Categories of data
- Health details – dietary requirements, access requirements, allergies
- Identification details – passports, proof of identity, visas and work permits
- Criminal convictions
We process personal data to enable us to fulfil our charitable objectives; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.
In particular, we use personal data for the following purposes:
- To manage our products and services offered online and face-to-face for members, event participants, grant applicants/holders, volunteers, customers.
- To manage our governance, including LMS Elections, LMS Council and Committee business.
- To manage our contractual and legal obligations, including those affecting LMS staff and LMS Gift Aid donors.
- To manage our business activities, including LMS publications, De Morgan House Conference facilities, commercial and residential activities.
- To manage our communications (including direct marketing) with our internal and external skate-holders, including members, staff, volunteers, donors and business contacts.
- To manage our fundraising and development activities, including regular and potential donors.
- To manage the security of De Morgan House, including the use of CCTV.
- To manage our website, database and website resources, including the LMS Mathematical Sciences Directory, LMS Success Stories and ATHENA SWAN resource.
- To manage our archives and statistical research on behalf of the mathematical community.
Please note this list is current as of May 2018 and will be updated when the Privacy Notice is reviewed as the business of the LMS evolves and changes.
Under the General Data Protection Regulation (GDPR), we process personal data under at one of six legal bases:
- Consent - With the Consent of the Data Subject
- E.g. we rely on consent to send direct marketing material by email to you.
- Contract - To perform our duties to fulfil a contractual obligation
- E.g. we rely on contract to provide membership services to fulfil our contract with LMS Members.
- Legal Obligation - To meet a meet a legal obligation
- E.g. we rely on legal obligation to disclose information to HMRC for tax and gift aid purposes.
- Legitimate Interests - To fulfil a legitimate interest of the LMS (on the understanding that it does not override the interests of the data subject)
- E.g. we rely on legitimate interests to facilitate communication with and between LMS Committee members so they can carry out their duties.
- Vital Interests - To protect the vital interests of data subjects.
- E.g. we rely on vital interests in the event that someone needs emergency medical treatment.
- Public Task - To process personal data in the exercise of official authority or to perform a specific task in the public interest that is set out in law
- We do not rely on this legal basis because we are not a public authority nor do we exercise official authority or carry out tasks in the public interest.
For most of our processing of personal data, we use Legitimate Interests and Contract as our legal bases.
What are our legitimate interests for processing data?
Our legitimate interests for processing personal data are so that we can fulfil our charitable objectives; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.
Examples of legitimate interests include:
- Facilitating communication between LMS Committee members to undertake their duties.
- Maintaining the safety and security of those working and visiting De Morgan House.
- Developing and maintaining contact with stakeholders to help realise the LMS’ charitable aims.
- Ensuring the effective management of LMS activities, services and products.
In most cases, your personal data will not be disclosed without consent, except where it is your interests and other situations as required by law e.g. staff salary details are shared with HMRC for tax purposes. When we do share your personal data, we take care to share the relevant details needed and not share more personal data than required by the circumstances.
Examples of organisations with whom we may share your data include:
- WorldPay, GoCardless.com, NatWest, American Express to process payments made to and by the LMS.
- John Wiley & Sons Ltd, Cambridge University Press, Editflow, Turpion/Institute of Physics to manage the LMS Publications, especially publication of journal articles and books.
- University College London, John Wiley & Sons Ltd, Institute of Physics, European Mathematical Society, European Women in Mathematics to manage membership services i.e. access to UCL Library, receiving relevant subscriptions to journals and/or third party memberships.
- HMRC, University of London, University Superannuation Scheme to manage LMS Staff payroll and pensions.
- Clay Mathematics Institute, Heilbronn Institute of Mathematical Research, MARM Board – MARM grants, Cecil King Memorial Foundation, Council of Mathematical Sciences (CMS) member bodies (IMA, RSS, ORS, EdMS), Joint LMS-IMA Prizes Panels and Bachelier Prize Panel to work with our partners to fulfil our charitable objectives.
- Waat.eu, Imperial College to manage our website and IT systems.
- External venues and hotels to manage events.
- Google Analytics to monitor the use of our websites.
- Charity Commission and Kingston Smith LLP to comply with legal obligations.
- The Electoral Reform Service to manage LMS Elections.
- Building managers and Estate Agents to manage commercial and residential tenancies.
- Emergency services to provide assistance in emergencies.
Examples of individuals with whom we may share your data include:
- LMS Council and Committee members to carry out Committee activities e.g. assessing grants applications, organising events, discussing committee business
- LMS Editors and LMS Editorial Advisers to manage the LMS Publications processes.
- Referees to review applications, proposals, journal articles.
- External event organisers to manage events.
- LMS First Aiders/Fire Marshalls to provide assistance, as required.
We may occasionally need to transfer personal information overseas. Where this is necessary this may be to countries or territories around the world.
Examples of when we transfer personal data to third countries and the safeguards we use include:
- Editflow is used to manage the processing of articles we receive for our journals and it is accessed by IT support for software management and development purposes.
- When seeking references from mathematicians who are based outside the European Economic Area (EEA). We ask referees to treat all personal data in strict confidence.
We hold personal data in accordance with the time limits set out in our Data Retention Schedule, which include statutory time limits for certain personal data. For example, we are obliged to keep financial details for seven years. When we no longer need to process personal data, we ensure that physical copies are securely destroyed and digital copies are securely deleted. In some cases, we will transfer personal data to the LMS archives e.g. names of LMS Members.
You have the following rights regarding your personal data when it is processed by any organisation.
- The Right to be informed about how we collect and process your personal data, including our purposes. We inform you of our data processing and its purposes via Privacy Statements at the time of collection, which link to this Privacy Notice. If we have collected your data from another source, we will provide you with this Privacy Notice as soon as possible.
- The Right of Access to your personal data so that you are aware of and can verify the lawfulness of our processing of your personal data.
- The Right to Rectification of your personal data. While we try to keep our data as accurate as possible, we will rectify inaccurate personal data, or complete if it is incomplete.
- The Right to Erasure (also known as ‘the right to be forgotten’). You have the right to have personal data erased, in particular circumstances.
- The Right to Restrict Processing your personal data. When processing is restricted, we are permitted to store your personal data, but not use it.
- The Right to Data Portability obtain and reuse your personal data, which you have provided to us, for your own purposes across different services. It allows you to move, copy or transfer your personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
- The Right to Object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
- the right to withdraw consent (if applicable). Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
Exercising Your Rights
You can exercising any of these rights by:
- Logging into your LMS online account: www.lms.ac.uk/user
- Contacting us of your withdrawal of consent by emailing us – email@example.com
We will respond to your requests within one month and where we cannot comply with the request, we will contact you within in one month and explain our reasons. If appropriate, we will ask you to provide proof of identity or entitlement to access/change personal data.
How can you exercise your right to complain to the Information Commissioner’s Office?
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. You have the right to report a concern to the Information Commissioner’s Office and you can do so here: https://ico.org.uk/concerns/
Most of the personal data collected by the LMS have come from data subjects themselves. For example, when we receive an application for membership or a grant, when we receive a registration for a LMS event and/or when we are contacted by the data subject. Some personal data is collected by LMS from publicly accessible sources, for example, from academic/professional web pages.
When do we have to process data to fulfil a contractual or statutory obligation? And what are the consequences if you do not provide the data?
Sometimes, we have to process personal data to fulfil contractual obligations e.g. to provide membership services. If personal data is not provided then we will not be able to provide these services. Sometimes, we have to process personal data to fulfil statutory obligations e.g. to provide HMRC with employees’ tax details. If personal data is not provided then we cannot fulfil these statutory obligations and both the LMS and the individual may face penalties under other legislation.
When do we use automated decision-making, including profiling? How are the decisions made and what are the significant consequences?
We use automated decision-making if you apply to become a member of the LMS Mathematical Sciences Directory. The decision is made based on the selected “reason to join” under LMS MSDirectory Criteria and where, “other” is selected, the application is reviewed by a Sub-Group of the LMS Research Policy Committee. We also profile data subjects when creating mailing lists to send direct marketing material to particular groups about LMS products, services, activities and events. For example, we will create a mailing list for members based in London to inform them of upcoming events due to take place in London.
When someone visits www.lms.ac.uk, http://edf.lms.ac.uk/ and www.demorganhouse.co.uk, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns e.g. the number of visitors to the different parts of the website. The information is processed in a way which does not identify anyone and we do not attempt, and do not allow Google to make any attempt, to find out the identities of those visiting our websites. If we do want to collect personally identifiable information through our websites, we will make this clear when we collect personal information and will explain what we intend to do with it.
Our website search and decision notice search is powered by Drupal. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either the LMS or any third party.
We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-Update.
Security and performance
The LMS uses a third party service to help maintain the security and performance of the LMS website. To deliver this service it processes the IP addresses of visitors to the LMS website.
Prospective LMS Members
When we receive an application, an online membership profile is created and this normally contains the identity of the applicant and their proposer and seconder (where applicable). We will only use the information we collect to process the application and to provide further information about subscriptions and services after the application is successful. Prospective members can access and edit their online membership profile at any time by logging in to: www.lms.ac.uk/user
Current LMS Members
Former LMS Members
Once a person’s membership with the LMS has ended, we will retain the membership profile in accordance with the requirements of our retention schedule and then delete it.
The LMS Mathematical Sciences Directory (LMS MSDirectory) is a central, online resource about mathematical scientists. The LMS owns the copyright to the LMS MSDirectory, which can be found on the website of the London Mathematical Society (www.lms.ac.uk). Members of the MSDirectory do not have to be members of the LMS.
The purpose of the LMS MSDirectory is to facilitate communication between academics and postgraduate mathematical scientists and between academics and others in industry, education, commerce and enterprise. It is designed to provide academics and industry professionals with a resource to locate experts and interested parties in any field for the advancement of mathematics and mathematicians.
The LMS holds details on a person’s name, institution, institutional address, previous institutions, professional email address, qualifications, research interests, place of employment, position, personal website, and gender as an individual LMS MSDirectory profile for each person.
Individual profiles can be displayed in the MSDirectory, which can be found on our website. You may restrict how much information is included in your MSDirectory profile by editing your privacy settings when editing each section of your profile. You can also choose to opt out of the MSDirectory altogether. You will still be able to access all areas as a data user rather than a data owner.
Your personal profile may be used for the following purposes:
- To allow others to contact you through your listed email address.
- To enable anonymised data gathering on matters with respect to the UK Mathematical Sciences People Pipeline. Further information about the UK Mathematical Sciences People Pipeline can be found here: http://www.cms.ac.uk/files/News/article_5630c69e789971.96989222.pdf
- To keep you informed of LMS services, activities and products.
The LMS holds the copyright of the LMS MSDirectory and this is made clear on the website. It is also made clear on the website that any person/organisation found to be data mining the LMS MSDirectory for purposes other than those reasons for which the LMS MSDirectory has been set up, may be considered to have breached intellectual property/data protection legislation leading to prosecution and sanctions by the Information Commissioner’s Office (ICO).
To minimise data mining for purposes outside of approved use, the LMS MSDirectory has been structured to operate in such a way as to make it as difficult as possible to data-mine on a wholesale basis. For example, email addresses will not be listed on any full results page but rather only on an individual detail page.
Authors and co-authors who wish to submit papers to LMS publications via Editflow should read the Privacy Notice for LMS Publications
Personal data provided by a client e.g. name, company address and email will be stored used to provide services for that client’s booking. Visitors to De Morgan House (57-58 Russell Square, London, WC1B 4HS) will be asked to sign in and out of the building to comply with Health & Safety regulations.
Visitors to De Morgan House (57-58 Russell Square, London, WC1B 4HS) should be aware that the premises are monitored by CCTV cameras.
When individuals apply to work at the LMS, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference, we will not do so without informing them beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain anonymised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with the LMS, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with the LMS has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
People who call the LMS
When you call the LMS, we do not record our calls.
People who email the LMS
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
The LMS offers various services, products and activities to its members and the public. We use third parties to deal with some publication requests, but they are only allowed to use the information to send out the publications and/or set up online access.
We may disclose personal information contained in grant applications and prize nominations to third parties for the purposes of obtaining confidential references.
We have to hold the details of the people who have requested a service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might send information about people who have registered for an event to the venue for the event so they know who is at the venue in case of an emergency.
When people do subscribe to our services or register for our events, they can cancel their subscription or registration at any time and are provided with an easy way of doing this.
The LMS tries to meet the highest standards when collecting, holding and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of the LMS’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address detailed in the “How to Contact Us” section of this document.
Submitted by Elizabeth Fisher on 25 May, 2018 12:36