Privacy page

This page explains the issues relating to NomadIT holding your data on behalf of current clients (ASA, CESS, EAJS, EASA, EASST, ECAS, RAI, SIEF & WCAA) and previous clients (APA, CHAM, EASAS, EurASEAA, IUAES, SLAS, TAG) and other academic organisations/conferences. Information on membership/conferences is held centrally in a secure online database, providing greater data security, cheaper more efficient administration, and the potential for enhanced membership facilities - such as searchable online directories, live editing of personal entries, & editing of panel/paper abstracts.

GDPR

NomadIT complies with the requirements and principles of GDPR (transparency, purpose limitation, data minimisation, accuracy, storage limitation, confidentiality and accountability) in its approach to your data.

Data held and its sensitivity

The NomadIT system holds individual and organisation contact information, membership subscriptions, conference registrations, academic background/interests, panel/paper abstracts, and a record of payments made.  The only 'private' data held is a contact's mobile phone number which is not made publicly available, and is held in order to facilitate contact by SMS during/en route to conferences - a function which has proved useful in past events. We are currently working on removing physical address data (except where required for journal mailings) from our dataset and forms. The only sensitive data held is the date of birth.

Date of birth (DoB)

Prior to changes made in 2020, our system requested a date of birth to facilitate login. The DoB did not have to be the real DoB, nor was it made public, nor considered in any decision-making/admin processes.  We have since updated our login to use a more conventional email and password pair, so DoB is not longer being gathered, and as older accounts are upgraded, it is being removed.

Purpose of holding data

The data collected will only be used for the purpose for which it is provided.   This is deemed to be for invoicing/receipting of subscriptions/registration fees; and for mailings/email, relating either directly to the organisation/conference itself, or occasionally to news deemed of potential interest to the membership/conference (such as jobs, upcoming conferences, book releases, academic publishing promotions).  The data is held on behalf of our clients and will not be disclosed to any third parties. Data will not be shared between different NomadIT clients, unless there is a relevant agreement (for example when running a bilateral conference), and NomadIT are instructed to do so by the agreeing parties.

Data subjects (access and/or removal)

Data subjects may request a copy of the personal information held about them, by emailing the organisation/conference concerned (or info(at)nomadit.co.uk), putting 'Subject Access Request' in the subject line.
Data subjects may request that their personal information be removed from our system, by emailing the organisation/conference concerned (or info(at)nomadit.co.uk), putting 'Subject Date Removal Request' in the subject line.
If Data subjects have any concerns about their data security they may write about these to info(at)nomadit.co.uk.

Server locations

NomadIT uses two servers located in California, an Amazon email server located in Eire, a Google Drive server located in the US; and makes use of other software such as Zoom, Shindig, Whova, Pheedloop most of whom use servers in the US. In all cases we look for compliance with GDPR or the principles of GDPR.

Data relating to Funding applications for conferences

We usually gather Funding application data via Google Forms. This data is stored securely within the NomadIT Google suite (Drive). The information is held for up to two years after the conclusion of a conference, in order that we can answer questions regarding due process within funding allocation, from sponsors/funders/executive committees/applicants. After that it is deleted, and all that remains stored in conference accounts is a list of names, affiiliations, and email addresses of those funded and the amounts received.

Other data on Google Drive

We also use Google forms to gather Student volunteer data for conferences - this data is deleted two years after a conference is concluded.
We store conference account spreadsheets on Drive, and these files contain ledgers of payments received, funding allocated, and a full list of delegates. This data is required for accounting purposes and is not removed after a time. However the delegate data held is limited to name, institutional affiliation, country and email.

Backups

NomadIT backs up its main database and all websites and retains backup data for up to three years, after which those backups are destroyed.

The data controller

NomadIT functions as the data controller on behalf of the organisation/conference with whom the membership/conference registration is made. NomadIT is registered with the Information Commissioner (No. ZA811094), and follows both GDPR and the Data Protection Act of 1998. The essence of that Act is detailed below.
If you have any complaints/enquiries, please email the relevant organisation/conference directly (see their specific websites for contact info); alternatively you can contact info(at)nomadit.co.uk if you wish to discuss issues relating to Data protection.

The eight principles

The Data Protection Act 1998 sets out eight rules that data controllers must follow for protecting personal information. Personal data must be:

If a data controller's processing of personal information does not comply with the principles, the Information Commissioner can take enforcement action against that data controller.

NomadIT 2021