Privacy & Cookies

Date of posting: May 2017

INTRODUCTION

  1. Welcome to www.irefer.org.uk (“Site”), which is owned and operated by The Royal College of Radiologists (“RCR”, “we” or “our” as applicable).

  2. For the purpose of the Data Protection Act 1998, the RCR is the data controller of the personal information collected and processed through this Site. For further information about the RCR and our contact details please see Contact Us below.

  3. We are committed to safeguarding the privacy of users of the Site, whilst ensuring that you receive a high quality service. Please read the following Privacy Policy to understand how we use and protect the information that you provide.

  4. Please note that by visiting and using the Site you are agreeing to the use of your personal information as described in this Privacy Policy.
  5. If you have any queries or concerns regarding this Privacy Policy, please contact us by email at irefer@rcr.ac.uk

THE PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT

  1. When you place an order with us via the Site, we collect information such as your full name, address/billing address, e-mail address and telephone number and other contact information.
  2. Where you are placing an order on behalf of your organisation, we also collect the name and address of your organisation.
  3. When you first register and set up an administration account and/or shared account for authorised users, we also collect a password from you.
  4. If you have purchased access for a number of your organisation’s authorised users then:
  • If you are creating a subuser or master account for a named user to access the Site via an individual log-in, we collect the full name, email address and a password for each of the authorised user accounts that you create.
  • If you wish to set up access via authorised internet protocol (IP) addresses, then we will collect each IP address that you specify for this purpose.
  1. If you/your authorised users contact us via email, we collect personal information such as your name (and/or your organisation) and email address as well as any other personal information you disclose in your message to us.

We use this information:

  1. To process your order and set up and administer your master/authorised user accounts.

  2. To send you/your authorised users updates and information about the Site and your/their access and use of the iRefer guidelines.

  3. To send you e-mail marketing messages regarding our products and services and special promotional offers, where you have indicated that you are happy to receive such marketing messages.

  4. To respond to your/your authorised users’ queries.

We need to collect and hold this personal information about you for the fulfilment of a contract; without this information we would not be able to provide your access to the Site. We will retain the information for the lifetime of the edition of iRefer (usually four years from the date of publication). In line with the Data Protection regulations, you have the right to request the erasure or correction of the personal data that we hold about you at any point.

INFORMATION SHARING AND DISCLOSURE

  1. We do not sell or rent your personal information. We may, however, give information about you to the following, for the express purposes set out below.

If you place an order:

  • to our employees and agents for them to provide services in connection with the Site, for example to process your order and send you an order confirmation e-mail; and

  • when you pay for your purchase using the Site, to Bucks.Net Services Ltd in order for it to authorise and approve your payment card and to process the card transaction.

If you create a master and/or user account using the Site:

  • to our employees and agents (who may be operating outside the European Economic Area (“EEA”)) for them to administer the services provided to you and any authorised users (where applicable) through the Site.

If you have provided your consent to receive e-mail marketing messages from the RCR:

  • to our employees or agents to enable them to send you those e-mail marketing messages.

Transfer of business

  • if ownership or operational control of all or part of the Site were transferred, whether as part of the sale, merger or re-organisation of the RCR, its assets or otherwise, we may disclose your personal information to the transferee.If that happens, we would require them to use your information in a way that is consistent with this Privacy Policy.

Legal requests

  • We may need to disclose personal information to protect our and our licensors’ rights and property or to comply with any applicable law or valid legal process.

If we do give your information to any third parties in the circumstances set out above, we always require they adhere to the same security procedures that we follow ourselves.

TRANSFER OF INFORMATION OUTSIDE EEA

  1. We share your personal information with authorised third party service providers for the purpose of operating, managing and administering the accounts and services provided to you through the Site. Consequently, your information may be transferred to, stored at, or processed at a destination outside the EEA.

  2. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

HOW DO WE PROTECT PERSONAL INFORMATION

  1. As required by UK Data Protection law, we follow strict security procedures in the storage and disclosure of information which you have given to us, to prevent unauthorised access.
  2. Please see paragraph 8 for further details regarding the security measures we use on this Site.  If you have any concerns about security, please email us at irefer@rcr.ac.uk.

COOKIES AND AGGREGATED INFORMATION

Cookies and log files

  1. While on the Site, certain information is automatically logged about how you are using the Site. This information may include the URL of the website which linked you to this Site, your IP address and the pages you visit while on the Site. The IP address indicates the location of your device on the internet.  IP addresses are not used to track your session and are not linked to anything personally identifiable.  
  2. Like many websites, we also use a feature known as a cookie. A cookie is a small data file that is sent to your browser from a web server and resides on your device and which allows us to recognise you as a user when you return to the Site using the same device and web browser. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. 
  3. We use the following cookies for the purposes listed in the table below.  Please note that some of the cookies we use have already been set and these are marked with an asterisk (*) :
Cookie summary

Cookie

Name

Purpose

More information 

Essential site cookie for single sign on session control

SimpleSAMLSessionID

Value: (this will be a unique value
for every session)

This cookie is essential to control your access to the iRefer website using the single sign on service from www.rcr.ac.uk

Session cookie

Essential site cookie for session controlSSESS1b203b5141c297db71ee1a09e154baad (or similar)This cookie is essential to track your logged in status on the iRefer website.Persistent cookie, max age: 23 days
Essential site cookie for session controlsession_api_sessionThis cookie is essential to allow enhanced tracking of sessions across logins and logouts.Persistent cookie, max age: 30 days
Essential cookie for IP based login

ip_login_as_different_user

Value: 1

This cookie tracks if a user who could login via an IP address is also able to login as a different user.Session cookie

Google Analytics

_utma
_utmb
_utmc
_utmz

These cookies are used to collect information about how visitors use our Site. We use the information to compile reports and to help us improve the Site. The cookies collect information in an anonymous form, including the number of visitors to the Site, where visitors have come to the site from and the pages they visited.

Click here for an overview
of privacy at Google

To opt out of being tracked by
Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout

Essential site cookie for indicating the presence of javascript in the clients browser

has_js

Value: 1

This cookie stores whether the user has javascript enabled.

Session cookie

Essential site cookie to store the current user preference on how content can be sorted in the UIDrupal.tableDrag.showWeight

Value: 0 or 1		Used in the admin interface to control if a user sees a dragable interface or a dropdown weighting to reorder content.Persistent cookie, max age: 1 year
Essential site cookie to store the current users cookie consent

cookie-agreed

Value: 0 or 1

Used to track whether user has given consent for this site to set cookiesPersistent cookie, max age: 100 days

  1. Most browsers are set up to accept cookies, but you can configure your browser to refuse most cookies or, with certain browsers, to notify you when you have received one. If you want to stop cookies being stored on your device in future, please refer to your browser manufacturer's instructions by clicking "Help" in your browser menu. Further information on deleting or controlling cookies is available at www.AboutCookies.org. However, please note that whilst by doing you may still be able to access the homepage of the Site and certain other pages such as our Terms or this Privacy Policy, you will not be able to place any orders from the Site or access the iRefer guidelines.The functionality of certain other features we may make available through the Site may also be reduced or unavailable to you as a result.

    Aggregated information

    We may share non-personal aggregated statistics data about visitors to this Site and sales and traffic patterns with third parties. Just to be clear, this information does not identify users in any personal capacity; it just gives generalised information about the users of our Site.

LINKS

  1. The Site may contain links to third party websites and other website services that we own and operate that are not subject to this Privacy Policy. We strongly recommend that you read the privacy policy of any such websites that you visit.

SECURITY

 

  1. As required by UK Data Protection law, we follow strict security procedures in the storage and disclosure of information which you have given to us, to prevent unauthorised access. In particular, we use Secure Sockets Layer (SSL) software to encode your personal information. SSL encrypts your contact details and your password as it travels through the Internet. Encryption creates billions of code combinations to protect each transaction made on the Site, so your details cannot be viewed by anyone else using the internet.
  2. Despite using this technology, we cannot guarantee the security of the information that you disclose to us. You accept the inherent risks of providing information and dealing on-line and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.

ACCESSING AND UPDATING YOUR PERSONAL INFORMATION

  1. You can access and rectify certain of your personal information by clicking on ‘My account details’=>‘Edit my details’ whilst in the ‘My account’ area of the Site. You can also edit details of any authorised user accounts that you have created using that area.Alternatively you can contact us by e-mail at irefer@rcr.ac.uk.
  2. Under the Data Protection Act you have the right to see the personal information that we hold about you, whether collected through your use of this Site or through any communications that you have had with us. You will need to provide us with a written request and pay a small fee. If you have any queries about your right or wish to make such a request please contact us by e-mail at irefer@rcr.ac.uk or by post addressed to the Data Protection Team, 63 Lincoln's Inn Fields , London, WC2A 3JW.

CHANGES
We may make changes to this Privacy Policy at any time by sending you an e-mail with the modified terms and/or by posting a copy of them on the Site. Any changes will take effect seven (7) days after the date of our e-mail or the date on which we post the modified terms on the Site, whichever is the earlier. Your continued use of the Site after that period expires means that you agree to be bound by the modified terms.

CONTACT US

The Site is owned and operated by The Royal College of Radiologists, a body constituted by Royal Charter in England and a charity registered with the Charity Commission for England and Wales.

Principal Address: The Royal College of Radiologists, 63 Lincoln's Inn Fields London WC2A 3JW, UK
Telephone: +44(0) 20 7405 1282
email: irefer@rcr.ac.uk 
Charity registration no:   211540