EUROCALL European Association for Computer Assisted Language Learning

GDPR Statement

EUROCALL

GENERAL DATA PROTECTION REGULATION POLICY STATEMENT

This statement outlines how the General Data Protection Regulation (GDPR) (EU) 2016/679, which came into effect on 25th May 2018, (replacing the 1998 Data Protection Act) relates to EUROCALL.  Under this regulation, EUROCALL has an obligation to protect all the data it holds legitimately.

GDPR differs from previous data protection legislation in that it gives individuals greater rights over their own data. As we are a member organisation, it is legitimate that we hold information for the purposes of contact regarding our research and educational activities. That data normally consists of your name, institution, email address and postal address. In the case of student members, they must forward us their supervisor's name and address.  It is understood that an individual joining the association consents to our holding the contact details they provide.  All the personal information given to us by members is processed in accordance with the Data Protection legislation. Please note that EUROCALL holds no payment information, as membership payments are processed via PayPal or by bank transfer.

Control of Data
The EUROCALL Executive Committee is the Data Controller for the Association.

The Data Control Leads are the Secretary and Treasurer of the Association.

The following points outline how we are seeking to comply with this legislation in relation to the data we hold:
- EUROCALL has created a data inventory of all the personal data that we hold.
- The information is stored securely and safely at EUROCALL Headquarters.
- All membership data is hosted on the 123 Reg secure website, which is password encrypted. Data can only be accessed by the Secretary, the Treasurer and the Webmaster.
- Correspondence relating to EUROCALL administration is held on the password protected EUROCALL computer at the Headquarters at the University of Ulster.  Email accounts are also password encrypted, and the office cabinet is locked at all times when not in use.

Information about, or photographs of members on our website are only used with consent from the individuals concerned. Consent for the use of images is normally given (or withheld) as part of conference participation.

- No personal financial information is retained by EUROCALL, as all financial transactions are conducted through the member's bank, or through PayPal.

Use of Personal Information
Personal information will only be used for the normal business of the Association and no other, without further consent.  This information will be used for the following purposes:
- To enable you to register for EUROCALL events, including the EUROCALL conference
- To enable EUROCALL to contact you, by email, on EUROCALL-related matters
- To enable you to apply for or to renew your membership of EUROCALL
- To enable us to fulfil our obligations to you as a EUROCALL member
- To enable you to take part in EUROCALL activities

EUROCALL uses abstract management and peer-review systems supported by external agencies for the processing of conference paper submissions. These services are anonymised and password protected, and the personal information is kept no longer than three months after the end of the conference. Conferences often make us of the conference app Guidebook. These external sites have their own privacy policies and can be accessed here:
Open conf: https://www.openconf.org/arch2019/author/privacy.php
Guidebook: https://guidebook.com/gb/privacy/

Third Party Information
- The only third party with whom third party member information is shared is Cambridge University Press. They hold the names and contact details for members who receive hard copies of the journal, ReCALL, and of authors and reviewers on a secure server.
- No information will be shared with any other body unless at the behest of the member concerned.
- In all cases, only the minimum necessary amount of data will be retained.
- The information EUROCALL holds will be accurate.
- The information will be kept up-to-date and outdated information deleted.
- Members' data will only be retained while an individual remains a fully-paid-up member of the Association. Information on former members will not be retained.

Members' Information Rights
All members have the right:
- to be informed about the collection, storage and use of their data
- to request access to their personal data from a Data Controller and receive their response within a month
- to request that inaccurate or incomplete personal data be corrected and to receive their response within a month
- to request the removal of their personal data within one month

Breach notification
In the event of a data breach, EUROCALL will notify you without undue delay after we have been made aware of the data breach and ascertained what personal data have been affected.

The EUROCALL Executive is continually identifying and addressing emerging privacy and security risks and updating this policy statement accordingly.
 
AGREED by the EUROCALL Executive Committee on 2nd May 2019.