Date of posting: May 2017
- Welcome to www.irefer.org.uk (“Site”), which is owned and operated by The Royal College of Radiologists (“RCR”, “we” or “our” as applicable).
For the purpose of the Data Protection Act 1998, the RCR is the data controller of the personal information collected and processed through this Site. For further information about the RCR and our contact details please see Contact Us below.
THE PERSONAL INFORMATION WE COLLECT AND HOW WE USE IT
- When you place an order with us via the Site, we collect information such as your full name, address/billing address, e-mail address and telephone number and other contact information.
- Where you are placing an order on behalf of your organisation, we also collect the name and address of your organisation.
- When you first register and set up an administration account and/or shared account for authorised users, we also collect a password from you.
- If you have purchased access for a number of your organisation’s authorised users then:
- If you are creating a subuser or master account for a named user to access the Site via an individual log-in, we collect the full name, email address and a password for each of the authorised user accounts that you create.
- If you wish to set up access via authorised internet protocol (IP) addresses, then we will collect each IP address that you specify for this purpose.
- If you/your authorised users contact us via email, we collect personal information such as your name (and/or your organisation) and email address as well as any other personal information you disclose in your message to us.
We use this information:
To process your order and set up and administer your master/authorised user accounts.
To send you/your authorised users updates and information about the Site and your/their access and use of the iRefer guidelines.
To send you e-mail marketing messages regarding our products and services and special promotional offers, where you have indicated that you are happy to receive such marketing messages.
- To respond to your/your authorised users’ queries.
We need to collect and hold this personal information about you for the fulfilment of a contract; without this information we would not be able to provide your access to the Site. We will retain the information for the lifetime of the edition of iRefer (usually four years from the date of publication). In line with the Data Protection regulations, you have the right to request the erasure or correction of the personal data that we hold about you at any point.
INFORMATION SHARING AND DISCLOSURE
- We do not sell or rent your personal information. We may, however, give information about you to the following, for the express purposes set out below.
If you place an order:
to our employees and agents for them to provide services in connection with the Site, for example to process your order and send you an order confirmation e-mail; and
when you pay for your purchase using the Site, to Bucks.Net Services Ltd in order for it to authorise and approve your payment card and to process the card transaction.
If you create a master and/or user account using the Site:
- to our employees and agents (who may be operating outside the European Economic Area (“EEA”)) for them to administer the services provided to you and any authorised users (where applicable) through the Site.
If you have provided your consent to receive e-mail marketing messages from the RCR:
- to our employees or agents to enable them to send you those e-mail marketing messages.
Transfer of business
- We may need to disclose personal information to protect our and our licensors’ rights and property or to comply with any applicable law or valid legal process.
If we do give your information to any third parties in the circumstances set out above, we always require they adhere to the same security procedures that we follow ourselves.
TRANSFER OF INFORMATION OUTSIDE EEA
We share your personal information with authorised third party service providers for the purpose of operating, managing and administering the accounts and services provided to you through the Site. Consequently, your information may be transferred to, stored at, or processed at a destination outside the EEA.
HOW DO WE PROTECT PERSONAL INFORMATION
- As required by UK Data Protection law, we follow strict security procedures in the storage and disclosure of information which you have given to us, to prevent unauthorised access.
- Please see paragraph 8 for further details regarding the security measures we use on this Site. If you have any concerns about security, please email us at firstname.lastname@example.org.
COOKIES AND AGGREGATED INFORMATION
Cookies and log files
- While on the Site, certain information is automatically logged about how you are using the Site. This information may include the URL of the website which linked you to this Site, your IP address and the pages you visit while on the Site. The IP address indicates the location of your device on the internet. IP addresses are not used to track your session and are not linked to anything personally identifiable.
- Like many websites, we also use a feature known as a cookie. A cookie is a small data file that is sent to your browser from a web server and resides on your device and which allows us to recognise you as a user when you return to the Site using the same device and web browser. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
- We use the following cookies for the purposes listed in the table below. Please note that some of the cookies we use have already been set and these are marked with an asterisk (*) :
|Essential site cookie for single sign on session control|
Value: (this will be a unique value
This cookie is essential to control your access to the iRefer website using the single sign on service from www.rcr.ac.uk
|Essential site cookie for session control||SSESS1b203b5141c297db71ee1a09e154baad (or similar)||This cookie is essential to track your logged in status on the iRefer website.||Persistent cookie, max age: 23 days|
|Essential site cookie for session control||session_api_session||This cookie is essential to allow enhanced tracking of sessions across logins and logouts.||Persistent cookie, max age: 30 days|
|Essential cookie for IP based login|
|This cookie tracks if a user who could login via an IP address is also able to login as a different user.||Session cookie|
These cookies are used to collect information about how visitors use our Site. We use the information to compile reports and to help us improve the Site. The cookies collect information in an anonymous form, including the number of visitors to the Site, where visitors have come to the site from and the pages they visited.
To opt out of being tracked by
|Essential site cookie to store the current user preference on how content can be sorted in the UI||Drupal.tableDrag.showWeight|
Value: 0 or 1
|Used in the admin interface to control if a user sees a dragable interface or a dropdown weighting to reorder content.||Persistent cookie, max age: 1 year|
|Essential site cookie to store the current users cookie consent|
Value: 0 or 1
|Used to track whether user has given consent for this site to set cookies||Persistent cookie, max age: 100 days|
We may share non-personal aggregated statistics data about visitors to this Site and sales and traffic patterns with third parties. Just to be clear, this information does not identify users in any personal capacity; it just gives generalised information about the users of our Site.
- As required by UK Data Protection law, we follow strict security procedures in the storage and disclosure of information which you have given to us, to prevent unauthorised access. In particular, we use Secure Sockets Layer (SSL) software to encode your personal information. SSL encrypts your contact details and your password as it travels through the Internet. Encryption creates billions of code combinations to protect each transaction made on the Site, so your details cannot be viewed by anyone else using the internet.
- Despite using this technology, we cannot guarantee the security of the information that you disclose to us. You accept the inherent risks of providing information and dealing on-line and will not hold us responsible for any breach of security unless this is due to our negligence or wilful default.
ACCESSING AND UPDATING YOUR PERSONAL INFORMATION
- You can access and rectify certain of your personal information by clicking on ‘My account details’=>‘Edit my details’ whilst in the ‘My account’ area of the Site. You can also edit details of any authorised user accounts that you have created using that area.Alternatively you can contact us by e-mail at email@example.com.
- Under the Data Protection Act you have the right to see the personal information that we hold about you, whether collected through your use of this Site or through any communications that you have had with us. You will need to provide us with a written request and pay a small fee. If you have any queries about your right or wish to make such a request please contact us by e-mail at firstname.lastname@example.org or by post addressed to the Data Protection Team, 63 Lincoln's Inn Fields , London, WC2A 3JW.
The Site is owned and operated by The Royal College of Radiologists, a body constituted by Royal Charter in England and a charity registered with the Charity Commission for England and Wales.
Principal Address: The Royal College of Radiologists, 63 Lincoln's Inn Fields London WC2A 3JW, UK
Telephone: +44(0) 20 7405 1282
Charity registration no: 211540