Privacy Notice

This privacy notice tells you what to expect us to do with your personal data when you make contact with us or use one of our services. 

 

Key Definitions

  • Any reference to ‘We’, ‘Us’ and ‘Our’ is to The London Mathematical Society as an organisation.
  • Any reference to ‘You’ and ‘Your’ is to you as an individual data subject.
  • Any reference to ‘Our websites’ is to websites available within lms.ac.uk and www.demorganhouse.co.uk
Data Controller – The London Mathematical Society, which is the organisation responsible for deciding how personal data is processed.
Data Processor – Any organisation, which processes personal data on behalf of the London Mathematical Society.
Data Subject – You as the living individual whose personal data is processed.
EU GDPR – The European Union General Data Protection Regulation
EU GDPR Rep – The LMS’ EU GDPR Representative with whom data subjects and supervisory authorities, who are based in the European Economic Area (EEA), can liaise with regard to the LMS’ obligations under EU GDPR.
Personal data - Any information about you as a living individual from which you can be identified (e.g. a name, photographs, videos, email address, or address) either by the information alone or in conjunction with any other information.  
Privacy Notice - This Privacy Notice sets out details of the personal data that we will collect about you and how we will process your personal data.
Processing – The ways in which personal data is used by the London Mathematical Society, including collection, storage, disclosure and destruction/deletion.
UK GDPR – The United Kingdom General Data Protection Regulation.
 

Back to Top


 

Who We Are?

The London Mathematical Society (LMS), a registered UK Charity (no. 252660), is the UK’s learned society for mathematics. Its purpose is the advancement, dissemination and promotion of mathematical knowledge, both nationally and internationally.    The LMS is registered with the Information Commissioner’s Office (Reg no: Z6256165). The Society’s Data Protection Officer is the Executive Secretary.

Back to Top


 

How can you contact us?

If you want to contact the Data Protection Officer, you can email us or write to: Data Protection Officer, London Mathematical Society, De Morgan House, 57-58 Russell Square, London WC1B 4HS

Back to Top


Who is the LMS' EU GDPR Representative?

The European Mathematical Society (EMS). The purpose of the EMS is to further the development of all aspects of mathematics in the countries of Europe. The EMS is an affiliate member of the International Mathematical Union and an associate member of the International Council for Industrial and Applied Mathematics. The LMS is a corporate member of the EMS.

Back to Top


How can you contact the LMS' EU GDPR Represenative?

If you want to contact the EMS, you can email them or write to: EMS Secretariat, Department of Mathematics and Statistics, P.O.Box 68, 00014 University of Helsinki, Finland

Back to Top


 

 

Who is affected by our processing? (categories of individuals)

The following people are affected by the LMS processing their personal data for a variety of purposes and under different legal bases 

Please note this list is current as of December 2020 and will be updated when the Privacy Notice is reviewed as the business of the LMS evolves and changes.

Back to Top


 

What Categories of Personal Data do we process?

We process the following types of personal data listed below. However, we do not process all types of personal data for everyone. We process specific types of personal data for particular purposes e.g. we will collect and process National Insurance numbers from employees and trustees to meet our legal obligations.

Categories

  • Personal details – name, date of birth, gender, National Insurance numbers.
  • Contact details – address, email address, telephone number, fax number, emergency contact details
  • Financial details – bank account details, card payment details, tax details,
  • Employment details – CVs, current and previous employers, references, salary  details
  • Education and Training details – Qualifications (professional and academic)
  • Images – CCTV, photographs
  • IP addresses – collected via Cookies

Special Categories of data

  • Health details – dietary requirements, access requirements, allergies
  • Identification details – passports, proof of identity, visas and work permits
  • Criminal convictions
  • Religion

Back to Top


 

Why do we process personal data (purposes)?

We process personal data to enable us to fulfil our charitable objectives; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.

In particular, we use personal data for the following purposes:

  • To manage our products and services offered online and face-to-face for members, event participants, grant applicants/holders, volunteers, customers.
  • To manage our governance, including LMS Elections, LMS Council and Committee business.
  • To manage our contractual and legal obligations, including those affecting LMS staff and LMS Gift Aid donors.
  • To manage our business activities, including LMS publications, De Morgan House Conference facilities, commercial and residential activities.
  • To manage our communications (including direct marketing) with our internal and external stakeholders, including members, staff, volunteers, donors and business contacts.
  • To manage our fundraising and development activities, including regular and potential donors.
  • To manage the security of De Morgan House, including the use of CCTV.
  • To manage our website, database and website resources, including the LMS Mathematical Sciences Directory, LMS Success Stories and ATHENA SWAN resource.
  • To manage our archives and statistical research on behalf of the mathematical community.

Please note this list is current as of December 2020 and will be updated when the Privacy Notice is reviewed as the business of the LMS evolves and changes.

Back to Top


 

What Legal Bases do we use to process data?

Under both the UK GDPR and the EU GDPR, we process personal data under at one of six legal bases:

  1. Consent - With the Consent of the Data Subject
    • E.g. we rely on consent to send direct marketing material by email to you.
  2. Contract - To perform our duties to fulfil a contractual obligation
    • E.g. we rely on contract to provide membership services to fulfil our contract with LMS Members.
  3. Legal Obligation - To meet a meet a legal obligation
    • E.g. we rely on legal obligation to disclose information to HMRC for tax and gift aid purposes.
  4. Legitimate Interests - To fulfil a legitimate interest of the LMS (on the understanding that it does not override the interests of the data subject)
    • E.g. we rely on legitimate interests to facilitate communication with and between LMS Committee members so they can carry out their duties.
  5. Vital Interests - To protect the vital interests of data subjects.
    • E.g. we rely on vital interests in the event that someone needs emergency medical treatment.
  6. Public Task - To process personal data in the exercise of official authority or to perform a specific task in the public interest that is set out in law
    • We do not rely on this legal basis because we are not a public authority nor do we exercise official authority or carry out tasks in the public interest.

For most of our processing of personal data, we use Legitimate Interests and Contract as our legal bases. 

What are our legitimate interests for processing data?

Our legitimate interests for processing personal data are so that we can fulfil our charitable objectives; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.

Examples of legitimate interests include:

  • Facilitating communication between LMS Committee members to undertake their duties.
  • Maintaining the safety and security of those working and visiting De Morgan House.
  • Developing and maintaining contact with stakeholders to help realise the LMS’ charitable aims.
  • Ensuring the effective management of LMS activities, services and products.

Back to Top


 

Who do we share your data with?

In most cases, your personal data will not be disclosed without consent, except where it is your interests and other situations as required by law e.g. staff salary details are shared with HMRC for tax purposes.  When we do share your personal data, we take care to share the relevant details needed and not share more personal data than required by the circumstances.

Examples of organisations with whom we may share your data include:

  • WorldPay, GoCardless.com, NatWest, American Express to process payments made to and by the LMS.
  • John Wiley & Sons Ltd, Cambridge University Press, Editflow, Turpion/Institute of Physics to manage the LMS Publications, especially publication of journal articles and books.
  • University College London, John Wiley & Sons Ltd, Institute of Physics, European Mathematical Society, European Women in Mathematics to manage membership services i.e. access to UCL Library, receiving relevant subscriptions to journals and/or third party memberships.
  • HMRC, University of London, University Superannuation Scheme to manage LMS Staff payroll and pensions.
  • Clay Mathematics Institute, Heilbronn Institute of Mathematical Research, MARM Board – MARM grants, Cecil King Memorial Foundation, Council of Mathematical Sciences (CMS) member bodies (IMA, RSS, ORS, EdMS), Joint LMS-IMA Prizes Panels and Bachelier Prize Panel to work with our partners to fulfil our charitable objectives.
  • Waat.eu, Imperial College to manage our website and IT systems.
  • External venues and hotels to manage events.
  • Google Analytics to monitor the use of our websites.
  • Charity Commission and Moore Kingston Smith LLP to comply with legal obligations.
  • Civica Election Services to manage LMS Elections.
  • Building managers and Estate Agents to manage commercial and residential tenancies.
  • Emergency services to provide assistance in emergencies.

Examples of individuals with whom we may share your data include:

  • LMS Council and Committee members to carry out Committee activities e.g. assessing grants applications, organising events, discussing committee business
  • LMS Editors and LMS Editorial Advisers to manage the LMS Publications processes.
  • Referees to review applications, proposals, journal articles.
  • External event organisers to manage events.
  • LMS First Aiders/Fire Marshalls to provide assistance, as required.

Back to Top


 

When do we transfer personal data to third countries and what safeguards do we use?

We may occasionally need to transfer personal information overseas. Where this is necessary this may be to countries or territories around the world.

Examples of when we transfer personal data to third countries and the safeguards we use include:

  • European Mathematical Society (EMS) members’ data is sent to the EMS when the LMS collects EMS membership fees on behalf of the EMS. The UK government has granted data protection adequacy to the EEA.
  • Editflow is used to manage the processing of articles we receive for our journals and it is accessed by IT support for software management and development purposes. An agreement to comply with data protection legislation exists between us and our processor, MSP.
  • When seeking references from mathematicians who are based outside the UK.  We ask referees to treat all personal data in strict confidence.

Back to Top


 

How long do we hold data for?

We hold personal data in accordance with the time limits set out in our Data Retention Schedule, which include statutory time limits for certain personal data.  For example, we are obliged to keep financial details for seven years. When we no longer need to process personal data, we ensure that physical copies are securely destroyed and digital copies are securely deleted. In some cases, we will transfer personal data to the LMS archives e.g. names of LMS Members.

Back to Top


 

What are your rights under UK GDPR / EU GDPR?

You have the following rights regarding your personal data when it is processed by any organisation.

  1. The Right to be informed about how we collect and process your personal data, including our purposes.  We inform you of our data processing and its purposes via Privacy Statements at the time of collection, which link to this Privacy Notice.  If we have collected your data from another source, we will provide you with this Privacy Notice as soon as possible.
  1. The Right of Access to your personal data so that you are aware of and can verify the lawfulness of our processing of your personal data.
  1. The Right to Rectification of your personal data.  While we try to keep our data as accurate as possible, we will rectify inaccurate personal data, or complete if it is incomplete.
  1. The Right to Erasure (also known as ‘the right to be forgotten’). You have the right to have personal data erased, in particular circumstances.
  1. The Right to Restrict Processing your personal data. When processing is restricted, we are permitted to store your personal data, but not use it.
  1. The Right to Data Portability obtain and reuse your personal data, which you have provided to us, for your own purposes across different services. It allows you to move, copy or transfer your personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
  1. The Right to Object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
  1. the right to withdraw consent (if applicable). Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time. 

Exercising Your Rights

You can exercising any of these rights by:

We will respond to your requests within one month and where we cannot comply with the request, we will contact you within in one month and explain our reasons. If appropriate, we will ask you to provide proof of identity or entitlement to access/change personal data. 

How can you exercise your right to complain to the Information Commissioner’s Office?

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. You have the right to report a concern to the Information Commissioner’s Office and you can do so here: https://ico.org.uk/concerns/

Back to Top


 

Where do we source personal data (including publicly accessible sources)?

Most of the personal data collected by the LMS have come from data subjects themselves. For example, when we receive an application for membership or a grant, when we receive a registration for a LMS event and/or when we are contacted by the data subject.  Some personal data is collected by LMS from publicly accessible sources, for example, from academic/professional web pages.

Back to Top


 

When do we have to process data to fulfil a contractual or statutory obligation? And what are the consequences if you do not provide the data?

Sometimes, we have to process personal data to fulfil contractual obligations e.g. to provide membership services. If personal data is not provided then we will not be able to provide these services. Sometimes, we have to process personal data to fulfil statutory obligations e.g. to provide HMRC with employees’ tax details.  If personal data is not provided then we cannot fulfil these statutory obligations and both the LMS and the individual may face penalties under other legislation.

Back to Top


 

When do we use automated decision-making, including profiling? How are the decisions made and what are the significant consequences?

We use automated decision-making if you apply to become a member of the LMS Mathematical Sciences Directory.  The decision is made based on the selected “reason to join” under LMS MSDirectory Criteria and where, “other” is selected, the application is reviewed by a Sub-Group of the LMS Research Policy Committee. We also profile data subjects when creating mailing lists to send direct marketing material to particular groups about LMS products, services, activities and events.  For example, we will create a mailing list for members based in London to inform them of upcoming events due to take place in London.

Back to Top


 

Visitors to our websites

When someone visits www.lms.ac.ukhttp://edf.lms.ac.uk/ and www.demorganhouse.co.uk, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns e.g. the number of visitors to the different parts of the website. The information is processed in a way which does not identify anyone and we do not attempt, and do not allow Google to make any attempt, to find out the identities of those visiting our websites. If we do want to collect personally identifiable information through our websites, we will make this clear when we collect personal information and will explain what we intend to do with it.

Use of cookies by the LMS

We use cookies to collect information about your online preference. Cookies are small pieces of information sent by a web server to a web browser which allows the server to uniquely identify the browser on each page.

You can read more about how we use cookies on our Cookies page.

Search engine

Our website search and decision notice search is powered by Drupal. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either the LMS or any third party.

LMS e-Update

We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-Update.

Security and performance

The LMS uses a third party service to help maintain the security and performance of the LMS website. To deliver this service it processes the IP addresses of visitors to the LMS website.

Back to Top


 

Prospective, Current and Former LMS members

Prospective LMS Members

When we receive an application, an online membership profile is created and this normally contains the identity of the applicant and their proposer and seconder (where applicable). We will only use the information we collect to process the application and to provide further information about subscriptions and services after the application is successful. Prospective members can access and edit their online membership profile at any time by logging in to: www.lms.ac.uk/user

Current LMS Members

Current members have an online membership profile, which they can access and edit at any time by logging on to: www.lms.ac.uk/user We will use the information we collect to process subscriptions and payments, to provide services and to keep members informed of Society business and news. We use a third party, GoCardless Ltd, to process direct debit payments. For more information about how GoCardless Ltd processes data, please see GoCardless privacy policy.  We use a third party, WorldPay, to process credit/debit card payments. For more information about how WorldPay processes data, please see WorldPay privacy policy.

Former LMS Members

Once a person’s membership with the LMS has ended, we will retain the membership profile in accordance with the requirements of our retention schedule and then delete it.

Back to Top


 

Members and users of the LMS Mathematical Sciences Directory (MSDirectory)

The LMS Mathematical Sciences Directory (LMS MSDirectory) is a central, online resource about mathematical scientists.  The LMS owns the copyright to the LMS MSDirectory, which can be found on the website of the London Mathematical Society (www.lms.ac.uk). Members of the MSDirectory do not have to be members of the LMS.

The purpose of the LMS MSDirectory is to facilitate communication between academics and postgraduate mathematical scientists and between academics and others in industry, education, commerce and enterprise. It is designed to provide academics and industry professionals with a resource to locate experts and interested parties in any field for the advancement of mathematics and mathematicians.

The LMS holds details on a person’s name, institution, institutional address, previous institutions, professional email address, qualifications, research interests, place of employment, position, personal website, and gender as an individual LMS MSDirectory profile for each person.

Individual profiles can be displayed in the MSDirectory, which can be found on our website.  You may restrict how much information is included in your MSDirectory profile by editing your privacy settings when editing each section of your profile.  You can also choose to opt out of the MSDirectory altogether. You will still be able to access all areas as a data user rather than a data owner.

Your personal profile may be used for the following purposes:

  • To allow others to contact you through your listed email address.
  • To enable anonymised data gathering on matters with respect to the UK Mathematical Sciences People Pipeline. Further information about the UK Mathematical Sciences People Pipeline can be found here:  http://www.cms.ac.uk/files/News/article_5630c69e789971.96989222.pdf
  • To keep you informed of LMS services, activities and products.

Information held in the MSDirectory is considered public and may be published, shared or otherwise transferred to outside parties, unless the data owner has updated privacy settings within their profile.  By providing this information for inclusion in the MSDirectory, you may receive communications from anyone registered to use the MSDirectory. All registered members and users of the MSDirectory are required to abide by the Terms of Use, which includes the purposes for which they may use your information and a list of prohibited uses.

Data Mining

The LMS holds the copyright of the LMS MSDirectory and this is made clear on the website. It is also made clear on the website that any person/organisation found to be data mining the LMS MSDirectory for purposes other than those reasons for which the LMS MSDirectory has been set up, may be considered to have breached intellectual property/data protection legislation leading to prosecution and sanctions by the Information Commissioner’s Office (ICO).

To minimise data mining for purposes outside of approved use, the LMS MSDirectory has been structured to operate in such a way as to make it as difficult as possible to data-mine on a wholesale basis. For example, email addresses will not be listed on any full results page but rather only on an individual detail page.

Back to Top


 

Authors and Co-Authors submitting papers to LMS Publications

Authors and co-authors who wish to submit papers to LMS publications via Editflow should read the Privacy Notice for LMS Publications

Back to Top


 

Users of LMS conference facilities and visitors to De Morgan House

Personal data provided by a client e.g. name, company address and email will be stored used to provide services for that client’s booking.  Visitors to De Morgan House (57-58 Russell Square, London, WC1B 4HS) will be asked to sign in and out of the building to comply with Health & Safety regulations.

Visitors to De Morgan House (57-58 Russell Square, London, WC1B 4HS) should be aware that the premises are monitored by CCTV cameras.

Back to Top


 

Job applicants, current and former LMS employees

When individuals apply to work at the LMS, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference, we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain anonymised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with the LMS, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with the LMS has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.

Back to Top


 

People who contact the LMS

People who call the LMS

When you call the LMS, we do not record our calls.

People who email the LMS

Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy.  Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

Back to Top


 

People who use LMS products, services and activities

The LMS offers various services, products and activities to its members and the public. We use third parties to deal with some publication requests, but they are only allowed to use the information to send out the publications and/or set up online access.

We use a third party, SurveyMonkey.com, to deal with some event registrations and online surveys.  For more information on how SurveyMonkey.com processes data, please see the privacy policy for SurveyMonkey.com

We may disclose personal information contained in grant applications and prize nominations to third parties for the purposes of obtaining confidential references.

We have to hold the details of the people who have requested a service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might send information about people who have registered for an event to the venue for the event so they know who is at the venue in case of an emergency. 

When people do subscribe to our services or register for our events, they can cancel their subscription or registration at any time and are provided with an easy way of doing this.

Back to Top


 

Complaints or Queries

The LMS tries to meet the highest standards when collecting, holding and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of the LMS’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address detailed in the “How to Contact Us” section of this document.

Back to Top