At Biotechmet and WiB, we take your privacy and personal data seriously and we are committed to letting you know how we use your personal information and to do so responsibly.
We aim to ensure that all personal data collected, stored and processed is managed in accordance with the General Data Protection Regulations (GDPR). Biotechmet and WiB seek to hold the minimum amount of information required to enable it to perform its functions.
Personal data refers to any information relating to an identified or identifiable natural living person. This includes information such as name or other identifier, location information or another online identifier (including email address). In addition, there are additional special categories of personal data which we may collect, including racial or ethnic origin and age.
We will only hold and process data in accordance with the information provided below. Data may be held in both paper and electronic formats. We collect information directly from yourself.
The GDPR requires that personal data be dealt with according to six principles, which Biotechmet and WiB deals with as follows:
We will only process personal data where:
No automated decision making processes are operated by Biotechmet or WiB.
In the event that a third party has access to your personal data through their operational role with Biotechmet or WiB (for example, the providers of IT support), we will obtain assurances that their systems and processes are maintained in accordance with the GDPR requirements.
1.1We will collect personal information from you when we work with you. This may include your name, title, physical and email addresses, telephone numbers, age and any further information which we require, or you divulge to us in relation to our work with you.
1.2We will collect personal information from our trustees. This may include your name, title, physical and email addresses, telephone numbers, date of birth, nationality and country of birth and any further information which we require you to divulge to us in order that we may satisfy legal and regulatory requirements. We will collect personal information from our staff sufficient to deliver our regulatory and other responsibilities to those individuals.
1.3We will collect limited personal information from other individuals who contact Biotechmet or WiB regarding our work or where we are made aware of individuals who might assist with the dissemination of our work.
1.4We will not sell or pass on to any organisation personal information other than as identified in this policy, without explicit consent.
2.1We will use your personal information to process our work with and communicate with you. Your signing of our consent form confirms your explicit consent for us to process your data for these purposes.
2.2If you are a trustee of Biotechmet, we will share your name, addresses and telephone numbers with the Charity Commission, information they require for the maintenance of our charitable status and with trusted providers where that is necessary for operational or legal purposes (eg auditors/independent examiners, IT providers etc). Any further information you provide to us for any other purpose, will be used for that purpose only. For specific actions or projects, we reserve the right to share contact details with trusted professional advisers so that direct communication can be made if necessary. We will not do this as a matter of course. Your name will remain on minutes from meetings you have attended and to record your time as a trustee, indefinitely, as part of our historic records.
2.3Appropriate staff information will be shared with other organisations to ensure that Biotechmet and WiB can operate in accordance with its regulatory requirements, statutory requirements and with third party organisations which provide services to Biotechmet and WiB on their behalf. These latter include but are not limited to organisations providing payroll and pension services and life assurance or other insurance services. Other organisations involved in assisting Biotechmet and WiB manage their operations may have access to information (for example, IT providers).
2.4We will not sell or pass on to any organisation not explicitly involved in the management of Biotechmet or WiB or any necessary statutory body, any information we hold about you.
2.5Your name will remain on minutes from meetings you have attended and to record your time as a member of staff, indefinitely, as part of the historic records of Biotechmet and WiB.
2.6In order to undertake their work, we will share documents and other records with our auditors/independent examiners. This may include personal information in respect of anyone with whom we engage. This data will be incidental to the completion of the audit and will not be shared any further.
2.7In the event that a circumstance arises where we are required to share personal data with lawyers, we reserve the right to provide that data to them in accordance with legal obligations.
3.1We will take reasonable precautions to prevent the loss, misuse or alteration of information you give to us. We may communicate with you by email and such communications will not be encrypted.
3.2Whilst we will endeavor to keep our systems and communications protected against viruses and other harmful impacts, we cannot bear responsibility for all communications being virus free.
3.3In the unlikely event of a suspected data breach, we will investigate the circumstances and if a breach appears likely, inform the trustees and if necessary, the Information Commissioner's Office (ICO) within 72 hours of the suspected breach being identified. If we believe there is a risk of a potential impact on you, e.g. the risk of a financial loss, we will contact you directly to inform you of the breach. We will record all suspected breaches in our internal breach log. In the event that a breach has been suspected, we will take actions to mitigate the risks to you.
3.4All staff are provided with training on our data protection policies as part of their induction process.
4.1As we will be obtaining consent and therefore personal information for web based information which will be made public indefinitely, we will also keep your personal data indefinitely. We will keep financial records in accordance with government requirements (currently six financial years after the year in which the final payment is made).
4.2We will keep trustee data for the period that you are a trustee and for a further six years. We will keep a record of who has acted as a trustee and the dates of their appointments, indefinitely.
4.3We will keep staff data for the period that you are employed and for a further six financial years after the year in which you leave.
4.4We will keep data provided on application for a job with us for six months after the start date of the person in the post advertised.
5.1If cookies are used, they will only be used to assist the purposes set out in this policy.
6.1You have the right to make a “subject access request” to gain access to the personal information that Biotechmet or WiB holds about you. This must be made in writing to Biotechmet or WiB and proof of identity will be required before the request can be processed. We will process your request within one month of receiving both your request and your proof of identity. The right to make a request is extended to individuals who hold Power of Attorney for an individual, who can make requests on behalf of that individual providing they provide proof of identity and the original Power of Attorney document.
6.2You can request the information we hold about you and the purposes that we are using it for. You can ask us to stop or restrict our processing of your information, require us to correct information we hold about you that is wrong or to erase all the information we hold about you. If you want us to do any of these, then please email us at .
6.3If we consider a request to be unfounded or excessive, we may refuse to act or charge a reasonable fee to take into account the cost of processing the request. If we refuse a request, we will tell you why and that you have the right to complain to the ICO.
7.1The Data Controller for Biotechmet and WiB can be contacted by mail to the registered office for Biotechmet or by email to .
7.2If you are dissatisfied with the way we have processed your personal data, you should raise your concerns with us as soon as possible. If you are dissatisfied with the way we have handled your concern, you may ask the Information Commissioner to look into the matter. Details of how to do this can be found at www.ico.org.uk/concerns.