Privacy page

This page explains the issues relating to NomadIT holding your data on behalf of the APA, ASA, ASAUK, CHAM, EASA, EASAS, EASST, ECAS, ECSAS, IUAES, RAI, SIEF, SLAS and other academic organisations/conferences. Information on membership/conferences is held centrally in a secure online database, providing greater data security, cheaper more efficient administration, and the potential for enhanced membership facilities - such as searchable online directories, live editing of personal entries, & editing of panel/paper abstracts.

Data held and its sensitivity

The NomadIT system holds individual and organisation contact information, membership subscriptions, conference registrations, academic background/interests, panel/paper abstracts, and a record of payments made.  The only 'private' data held is a contact's Mobile phone number. This number will not be made publicly available, and is only held in order to facilitate contact by SMS during/en route to conferences - a function which has proved useful in past events. The only sensitive data held is the date of birth.

Date of birth (DoB)

The system requests your date of birth, to facilitate recognition. If the combination of name and DoB is recognised by the system when completing an online form, it will bring up your existing contact information. This recognition system allows time-saving on repeat visits (memberships/conferences); allows correlation between membership and registration; prevents double subscription/registration; while facilitating online editing of membership records, papers, etc. The DoB is not made public, nor considered in any decision-making/admin processes.  A recognition system relying on name only would be prone to error and would allow others to access your contact details easily. Our aim is to avoid your having to use a set of credentials (username and password) which might result in a security risk to other more important data held in other systems, due to the common practice of reusing such credentials on multiple systems.

We however recognise that some consider date of birth to be 'security-sensitive'. You are not obliged to supply your real DoB - as long as you use the same DoB each time, it doesn't matter. Using your real DoB has the advantage of being easy to remember.

Purpose of holding data

The data collected will only be used for the purpose for which it is provided.   This is deemed to be for invoicing/receipting of subscriptions/registration fees; and for mailings/email, relating either directly to the organisation/conference itself, or occasionally to news deemed of potential interest to the membership/conference (such as jobs, upcoming conferences, book releases, academic publishing promotions).  The data will not be disclosed to any third parties. Data will not be shared between different NomadIT clients, unless there is a relevant agreement (for example when running a bilateral conference), and NomadIT are instructed to do so by the agreeing parties.

Data subjects

Data subjects may request a copy of the personal information held about them, by emailing the organisation/conference concerned, putting 'Subject Access Request' in the subject line.

The data controller

The controller is the organisation/conference with whom the membership/conference registration is made: NomadIT works on the organisation's/conference's behalf.  As non-profit organisations the organisations/conferences are not obliged to notify the Information Commissioner of their holding data, although they are obliged to follow the Data Protection Act of 1998. The essence of that Act is detailed below.
If you have any complaints/enquiries, please email the relevant organisation/conference directly (see their specific websites for contact info); alternatively you can contact rohan(at)nomadit.co.uk if you wish to discuss issues relating to Data protection.

The eight principles

The Data Protection Act 1998 sets out eight rules that data controllers must follow for protecting personal information. Personal data must be:

If a data controller's processing of personal information does not comply with the principles, the Information Commissioner can take enforcement action against that data controller.

NomadIT 2009