ToScA Privacy Policy

Last updated: 7th Jan 2019
The Tomography for Scientific Advancement Society (collectively, "ToScA," "we," "us" or "our") recognises the importance of protecting the personal information collected from users in the operation of its services and takes reasonable steps to maintain the security, integrity and privacy of any information in accordance with this Privacy Policy. By submitting your information to ToScA you consent to the practices described in this policy. If you are less than 18 years of age, then you must first seek the consent of your parent or guardian prior to submitting any personal information.
This Privacy Policy describes how ToScA collects and uses the personal information you provide to ToSca. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

1. HOW WE COLLECT INFORMATION
ToScA may collect personal information from you in the following ways: (1) directly from your verbal or written input (such as by consenting to receiving marketing emails); (2) automatically through the ToScA website technologies including tracking online, such as by web cookies (which are small text files created by websites that are stored on your computer) cookies policy (see below); or (3) social media platforms.

2. INFORMATION YOU PROVIDE
The types of personal information that ToScA collects directly from you may include:
Contact details, such as your name, email address, postal address and telephone number;
Internet Protocol ("IP") addresses used to connect your computer to the Internet;
Educational and professional interests;
Tracking codes such as cookies;
Usernames for the ToScA website;
Payment information, such as a credit or debit card number, this information will not be stored;
Comments, feedback, posts and other content you provide to ToScA (including through the ToScA website);
Communication preferences;
Location-aware services, the physical location of your device in order to provide you with more relevant content for your location;
Information about your personal preferences, hobbies and interests; and
Communications with other users of ToScA services.
In order to access certain content and to make use of additional functionality and features of the ToScA websites and services, we may ask you to register for an account by completing and submitting a registration form, which may request additional information.
Before submitting personal information on behalf of someone else you must ensure you have their permission to do so for both the disclosure and the collection and use of information listed in this policy.

3. USE OF YOUR INFORMATION
ToScA may use your personal information in the performance of any contract we enter into with you, to comply with legal obligations, or where ToScA has a legitimate business interest in using your information to enhance the services and products we provide. Legitimate business purposes include but are not limited to one or all of the following: providing direct marketing and assessing the effectiveness of promotions and advertising; modifying, improving or personalising our services, products and communications; detecting fraud; investigating suspicious activity, and otherwise keeping our site safe and secure; and conducting data analytics.
In addition, we may use your information in the following ways (after obtaining your consent, if required):
To provide you with information about products and services that you request from us;
To send you updates or correspondence from ToScA;
To provide you with information about other products, events and services we offer that are either (i) similar to those you have already purchased or inquired about, or (ii) entirely new products, events and services;
For internal business and research purposes to help enhance, evaluate, develop, and create the ToScA website (including usage statistics, such as "page views" on the ToScA websites and the products therein), products, and services;
To notify you about changes or updates to our websites, products, or services;
To administer our services and for internal operations, including troubleshooting, data analysis, testing, statistical, and survey purposes;
To allow you to participate in interactive features of our service; and
For any other purpose that we may notify you of from time to time.
Personal information will not be kept longer than is necessary for the purpose for which it was collected. This means that, unless information must be retained for legal or archival purposes, personal information will be securely destroyed, put beyond use or erased ToScA's systems when it is no longer required or, where applicable, following a request from you to destroy or erase your personal information.

4. DISCLOSURE AND SHARING OF YOUR INFORMATION
ToScA will not disclose to or share your personal information with any unaffiliated third party except as follows:
Where necessary in connection with services provided by third parties (i) who provide us with a wide range of office, administrative, information technology, production, payment, or business management services, and (ii) who are required to comply with this policy;
Where you voluntarily provide information in response to an advertisement from a third party;
Where your consent has been provided, with a third party such as an academic institution, school, employer, business or other entity which has provided you with access to a product or service, information may be shared regarding your engagement with the service or product, results of assessments taken and other information you input into the product or service;
Where ToScA is required to disclose personal information in response to lawful requests by public authorities and government agencies, including to meet national security or law enforcement requirements; to comply with a subpoena or other legal process; when we believe in good faith that disclosure is necessary to protect our rights, to enforce our Terms of Service, or to protect the rights, property or safety of our services, users or others; and to investigate fraud.
5. CROSS BORDER TRANSFERS
ToScA may transfer your personal information outside of your country of residence for the following reasons:
In order to process your transactions, we may store your personal information on our servers and those servers may reside outside the country where you live. ToScA has servers in the United Kingdom. ToScA service providers are mainly located in the United Kingdom, however, some may reside outside of the United Kingdom. Such processing may include, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services.
ToScA is an International Society, in order to satisfy global reporting requirements, ToScA may be required to provide your personal information to affiliates in other countries.
By submitting your personal information, you agree to this transfer, storing or processing of your information. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Policy and all applicable data protection laws.

6. SECURITY
We will use appropriate physical, technical and administrative safeguards to protect your data. Access to your personal data will be restricted to only those who need to know that information and required to perform their job function. In addition, we train our employees about the importance of maintaining the confidentiality and security of your information.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Transmitting information over the internet is generally not completely secure and we can’t guarantee the security of your data. Any data you transit is at your own risk.

7. DISCLOSURE IN CHAT ROOMS OR FORUMS
You should be aware that identifiable personal information--such as your name or e-mail address--that you voluntarily disclose and that is accessible to other users (e.g. on social media, forums, bulletin boards or in chat areas) could be collected and disclosed by others. ToScA cannot take any responsibility for such collection and disclosure.

8. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
9. COOKIES
As is true of most websites, we gather certain information automatically. This information may include IP addresses, browser type, Internet service provider ("ISP"), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyse trends in the aggregate and administer the site.
ToScA and its partners use cookies or similar technologies to analyse trends, administer the website, track users' movements around the website, and to gather demographic information about our user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or services.

10. YOUR RIGHTS
You have the right to make a written request to be informed whether or not we hold or process any of your personal information (by emailing info@toscainternational.org). In your written request, you may:
Request that we provide you with details of your personal information that we process, the purpose for which it is processed, the recipients of such information, the existence of any automated decision making involving your personal information, and what transfer safeguards we have in place;
Request that we rectify any errors in your personal information;
Request that we delete your personal information if our continued processing of such information is not justified;
Request that we transfer your personal information to a third party;
Object to automated decision-making and profiling based on legitimate interests or the performance of a task in the public interest (in which event the processing will cease except where there are compelling legitimate grounds, such as when the processing is necessary for the performance of a contract between us);
Object to direct marketing from us; and
Object to processing for purposes of scientific, historical research and statistics.
Where applicable under your local laws, we will not use your personal information for marketing purposes, nor disclose your information to any third parties, unless we have your prior consent, which we will seek before collecting your personal information. You can exercise your right to prevent such processing by checking certain boxes on the consent forms we use when collecting your personal information. If at any point you wish to review or change your preferences you can use the "opt-out" or unsubscribe mechanism or other means provided within the communications that you receive from us or by sending an email to info@toscainternational.org. Note that you may still receive transactional communications from ToScA.

11. THIRD PARTIES
ToScA’s websites or services may include links to third-party websites. In using such links, please be aware that each third-party website is subject to its own privacy and data protection policies and is not covered by our Privacy Policy. You should exercise caution and look at the privacy statement applicable to the website in question.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the General Protection Regulation (GDPR). If you would like a copy of the information held on you please write to info@toscainternational.org.
If you believe that any information we are holding on you is incorrect or incomplete, email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

12. CHANGES TO THIS PRIVACY POLICY
Please note that ToScA ‘s Privacy Policy is reviewed periodically. ToScA reserves the right to modify its Privacy Policy at any time without notice. Any changes to the Privacy Policy will be posted on this page and will become effective on the date of posting. We encourage you to periodically review this page for the latest information on our privacy practices.

13. ONLINE PAYMENTS
The ToScA website will accept online payments by credit/debit card from the following major credit card scheme, Stripe.
All our online payments are handled through Stripe, and you can review their Privacy Policy on their website (https://stripe.com/gb/privacy). We will only share information with them to the extent necessary for the purposes of making payments and refunds via our website and answering any related queries. All credit card information will be securely disposed of once the payment has been processed, no credit card information will be stored within the ToScA database. ToScA is a PCI compliant Organisation.

14. RECOURSE
Any comments, complaints or questions concerning this policy or complaints or objections about our use of your personal information should be addressed by directing your comments to the ToScA Board via email to info@toscainternational.org
Please note, any concerns with how ToScA handle your information will be treated with great concern and addressed accordingly to meet your needs and the requirements set out under the GDPR.
If your request has not been acknowledged, or you are concerned in the way ToScA is treating your information, you may seek further guidance from the Information Commissioners Office (ICO) at http://www.ico.org.uk/.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.