The Association of Medical Research Charities (AMRC) regards the lawful and correct treatment of personal information as very important and is fully committed to the principles of data protection, as set out in the General Data Protection Regulation.

1. Why do we have this notice?

Our privacy notice will help you understand what information we collect, how we use it, and what choices you have.

A quick note on terminology: when we use the phrase “we” in this notice, it refers to AMRC only. Our members and supporters are independent organisations that have their own privacy arrangements.

When we say “our services”, we mean the services provided by AMRC – such as our newsletters, training, mailing lists and groups.

Under the General Data Protection Regulation (GDPR), AMRC is termed a ‘data controller’ which means that we are responsible for how and why personal data is used. AMRC has also appointed a Data Protection Lead who can help you with any queries about the information in this privacy notice (get in touch at [email protected]).

Please also note that this privacy notice covers the AMRC website only. Other websites linked to or from this site are not covered by this notice.

We have a separate Research Data Policy that provides a detailed explanation of how we collect and use member data (for example, information about research expenditure, activities and grants).

2. What information do we collect and receive?

We process personal data in connection with our charitable activities, to help our members to meet their charitable objects by interpreting and influencing the regulatory, policy and research environments, and connecting members to encourage collaboration and share learning.

Under GDPR, we use ‘legitimate interests’ to process your data. ‘Legitimate interests’ means the interests of our organisation in conducting and managing our activities to enable us to give you the best service. For instance, we have an interest in making sure you receive only the emails that matter to you, so we may process your information to send you only the information you are interested in. You can of course tell us if you wish to be contacted differently, or not contacted at all – see number 9 in this document for information on how you can do this.

3. What personal data could we hold about you?

You may be asked for personal data if you want to take advantage of specific services we offer, such as receiving member briefings and blog updates, joining email lists and networks or taking part in workshops, conferences and seminars.

We will use the personal information you provide to administer our relationship with you and deliver the services you have told us you wish to use or to send you information that you have requested. We may also offer you the opportunity to receive additional information about our activities or those of our members, supporters, service providers and partners. You may opt out of this at any time by contacting us.

Information that you supply will be treated in confidence and in accordance with the principles of the GDPR.

The types of personal data we hold on you might include:

  • Your full name and salutation
  • Your job title
  • The name and address of the organisation you work for or are associated with
  • Your organisation email address (never your personal email address unless you tell us that you prefer us to contact you this way)
  • Your organisation telephone number (again, never your personal telephone number unless you tell us you prefer us to contact you this way).
  • Sometimes we also store brief notes about where you may have worked before, any specific preferences you have told us about and your main areas of expertise (e.g. research, policy).

We store this information on a secure database available commercially called “Salesforce”. This information is kept as accurate as possible – all of our staff take responsibility for keeping this database up to date and have been trained in data protection.

We store your personal data just for the intended purpose (e.g. we won’t sign you up to every mailing list we run unless you ask us to), and we take steps to collect only the minimum personal data necessary, that it’s accurate, and kept for only as long as necessary, after which it is deleted from our database.

We will amend your record when you tell us that your details have changed (e.g. you change job or your organisation phone number). If you leave an organisation and would like us to delete your record, we’ll do it straight away if you tell us. Otherwise we’ll keep it on file for 3 years, after which, if we still haven’t heard from you in another capacity, we’ll delete it on your behalf.

4. How do we use your information?

We use your information to provide and improve the services we operate – such as our member briefing, our mailing lists, our events and our working groups. AMRC accesses and uses this information as reasonably necessary and in accordance with your instructions:

  • To communicate with you:
    • Through our newsletters, mailing groups, to invite you to events or speak to meetings and conferences. You can opt out of these at any time.
    • Responding to your requests. If you contact us with a problem or question, we will use your information to respond.
    • To tell you about changes in how we operate, or provide you with formal documentation as part of your membership / supportership – for instance services and administrative emails (e.g. formal papers for our AGM), billing information, key sector level information or offers that you may wish to benefit from, and important service related notices, such as security and fraud notices. These emails and messages are considered an essential part of the services provided by AMRC and you may not opt-out of them unless someone else in your organisation is willing to be contacted instead.

5. What other information could we hold?

AMRC may also collect and receive:

  • Billing and other information: members and supporters pay a subscription to AMRC. In doing so, we may collect and store the billing address, credit card information or other payment methods provided to us by your organisation.
  • Service usage information: from time to time, we conduct surveys and interviews with individuals and organisations from the sector. We will explain any specific privacy notices as part of the activity, should it differ from this privacy notice.
  • Website traffic and newsletter readings: we also store some information to enable us to see how popular pages on our website are and news items in our newsletters. This typically involves assessing aggregate level information, such as IP addresses. Analysing this information allows us to tailor our services to meet your needs.
  • Device information. We may collect information about the device you are using to access our services on, including what type of device it is, what operating system you are using, device settings, application IDs, unique device identifiers, and crash data. Whether we collect some or all of this information often depends on what type of device you are using and its settings.

6. How do we protect the security of your information?

AMRC takes security seriously. We take various organisational and technical steps to protect information you provide to us from loss, misuse, and unauthorised access, alteration or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.

Occasionally, we introduce changes or improvements to our systems. Any test data that may have been used in this connection are managed in a secure and confidential manner.

To learn more about current practices and policies regarding security and confidentiality of Customer Data and other information, please contact our Data Protection Lead.

7. What is our cookie policy?

Like most other organisations, AMRC uses cookies on its websites.

Cookies are small text files sent by us to your computer and from your computer or mobile device to us each time you visit our website. Cookies do not identify the individual user, just the computer used.

Cookies provide information to the website owner and some are essential to allow parts of the website to operate. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

AMRC uses third parties like Google Analytics for website analytics. You may opt-out of third party cookies from Google Analytics on its website.

8. When can we share and disclose your information?

For the majority of the time, we do not share the information described in this privacy notice with other organisations. However, on occasions where we run a joint event with another organisation, we do share information such as your name, email address, the organisations you work for and any special dietary or accessibility requirements for use only for that event. This is necessary in order to run the event.

You can determine your own preferences for such sharing and disclosure by contacting us at any time.

AMRC may also share information with others as follows:

  • With third party service providers and agents: we may engage third party companies or individuals, such as third party payment processors, mailing houses etc, to process information on our behalf.
  • To comply with laws: to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal process.
  • To enforce our rights, prevent fraud and for safety: to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud.

9. How do you contact us about the data we hold on you?

If you would prefer us to:

  • Stop contacting you
  • Amend your information
  • Delete your information
  • Change your preferences (for instance if you would prefer us to only contact you about certain things or restrict what information we have about you)
  • Any other change

Please tell us. You can do so by emailing anyone from AMRC via contact us. We will make any changes requested within 1 month, or sooner.

You also have the right to ask us for a copy of the information we hold about you and to have any inaccuracies in your information corrected.

Please also feel free to contact us if you have any questions about AMRC’s Privacy Notice or practices here, directly to any member of the team, via the main office telephone number: +44 (0)20 8078 6042 or at our mailing address below:

AMRC

Third Floor

Churchill House

35 Red Lion Square

London

WC1R 4SG

10. How do I report a concern about how you have used my data?

If you feel we haven’t handled your data properly, please do contact us and we will do everything we can to rectify the problem.

If you feel this doesn’t go far enough, or if you want to report your concern elsewhere, you can contact the Information Commissioner’s Office: https://ico.org.uk/concerns/

11. Changes to this Privacy Notice

We may change this notice from time to time. If we do we will post any changes on this page. If you continue to use the services after those changes are in effect, you agree to the revised notice.