Data Privacy Statement

Jean le Tavernier, Jean Mielot dans son scriptorium dans Miracles de Notre Dame, c.1456

The Royal Historical Society is committed to protecting your privacy and security. This privacy policy explains how and why we use your personal data and is intended to help ensure that you remain informed and in control of your information.

About us

The Royal Historical Society was founded in 1868, and has become the foremost society in the United Kingdom working with professional historians and advancing the scholarly study of the past. It is a learned society with charitable status that is increasingly at the forefront of policy debates about the study of history.

The Society is an exempt charity under schedule 3 of the Charities Act 2011, registered charity no. 206888. It is funded by a combination of income secured through investments, publishing, fundraising and subscriptions. Predominantly a voluntary organization, the Society is governed by a revolving Council, which in turn elects the Honorary officers. The Council and Honorary officers are the Society’s Trustees.

The official address of the Royal Historical Society, is University College London, Gower Street, London, WC1E 6BT.

When we talk about “we” or “us” in this privacy policy we mean the Trustees of the Royal Historical Society and its permanent staff.

Your Personal Data

We collect “personal data”, which is information that identifies a living person, or which can be identified as relating to a living person.

When we talk about “you” or “your” in this policy we mean any living person whose personal data we collect.

When we talk about “Members” and “Membership” we are referring to subscribing Fellows and Members of the Royal Historical Society.

  1. Personal data we hold

The RHS will only hold data about its Members for the purposes of achieving its legitimate charitable objectives.

We collect data you provide to us, when you communicate with us, apply for Membership, Grants or Prizes, sign up to receive communications from us, make a donation, apply for employment, volunteer or enter into a contract with us. For example we may hold:

  • personal details (name, gender, date of birth, email, address, telephone);
  • financial information (such as credit/debit card or direct debit details, and whether your donations are gift-aided);
  • your response to a special Royal Historical Society event or your intention to meet a member of our staff; and
  • details of the ways in which you wish to be contacted by us.

Your activities and involvement with the Society will result in personal data being generated. This could include:

  • details of your areas of interest and expertise;
  • your attendance at special events;
  • where you have asked us for information or written to us;
  • your visits to our website;
  • your purchasing and subscription history;
  • how you’ve helped us by volunteering or by donating money to us;
  • where you have applied for Membership, or employment, a prize, or grant with us;
  • participation in our online surveys.

It will store members’ data securely in electronic or manual form, held by the Executive Secretary and may use this information in the following ways

  • To process annual subscription payments;
  • To distribute RHS publications and news of events (in conjunction with the RHS website);
  • To send out governance information including minutes and agendas;
  • To update members’ information;
  • To facilitate the production of publications;
  • To help with fundraising.

If you or act as referee for a grant or Membership application, or nominate someone for a prize your details will be recorded (as will the nominee’s).

  1. Personal data from third parties

Occasionally, we may collect personal data about you (for example if you are particularly well known or influential) from the media and other publicly available sources. This may come from public databases (such as Companies House), news or other media.

 3. Special category (‘sensitive’) personal data

We do not normally collect or store special categories of personal data. However, there are some situations where we may need to do so. These may include, for example, if you work or volunteer with us or apply to do so, or if we need to know about any access, medical or dietary requirements you, or someone in your care, may have.

  1. Administration

We use your personal data for administrative purposes including:

  • receiving donations (e.g. direct debits or gift-aid instructions);
  • maintaining databases of our membership;
  • processing membership subscriptions;
  • performing our obligations under membership contracts and other supporters’ agreements;
  • managing custody of our document and publication collections including our intellectual property rights;
  • carrying out due diligence to meet our compliance duties (for example, before making any acquisition into our collections, accepting financial support or making agreements for the supply of goods and services);
  • processing enquiries and requests for information;
  • managing feedback, comments and complaints we receive;
  • fulfilling orders for goods or services (whether placed online, by post, over the telephone or in person);
  • helping us respect your choices and preferences;
  • recruitment and staff management including pay, tax and pensions administration;
  • management of suppliers of goods and services.
  1. Internal research and profiling

We carry out research and analysis on our Membership to determine the success of our Membership and programmes and other activities in the public interest and to help us provide you with a better experience (for example so that you only receive communications about areas of our activities or research you are mostly likely to be interested in).

We may evaluate, categorise and profile your personal data in order to tailor materials, services and communications (including targeted advertising) to your needs and your preferences and to help us to understand our audience. For example, we may keep track of the amount, frequency and value of your support. This information helps us to ensure communications are relevant, timely and in the best interest of our charitable purposes.

  1. Disclosing and sharing your personal data

Whilst the RHS will never sell data to any third parties, it uses third-party providers to deliver some of its services. The RHS currently shares data with the following in furtherance of the activities specified above only.

  • PayPal and Barclays plc to process subscriptions and other purchases;
  • Bottomline PTX and Go Cardless to process direct debit payments;
  • Cambridge University Press, Boydell & Brewer, and Mail&Print to distribute publications and Newsletters;
  • Studio Thirty to manage our membership online database;
  • Mailchimp for our email communications.

Information is transferred to data processors securely, and we retain full responsibility for your personal data as the data controller. These activities are carried out under a contract which imposes strict requirements on our suppliers to keep your personal data confidential and secure.

We may share your personal data where required to do so for prevention of crime or for taxation purposes (for example, with the police, HMRC) or where otherwise required to do so by other regulators or by law (e.g. the Charity Commission, Companies House).

  1. Consent

Unless you have already given us your email address or telephone number so that we can tell you about making donations to us or about the supply of goods and services, we will ask you to “opt-in” to receive communications from us. You have the choice as to whether you want to receive or continue to receive these messages. You are also able to select how you want to receive them (post, telephone, email) and to change your preferences at any time.

When you receive a communication from us, we may collect information about your response and this may affect how we communicate with you in future.

Data security

  1. Protection

We employ a variety of physical and technical measures to protect information we hold and to prevent unauthorised access to, or use or disclosure of your personal data.

Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Staff receive data protection training and we maintain a set of data protection procedures which our staff are required to follow when handling personal data.

  1. Payment security

All electronic forms that ask you for your financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.

If you use a payment card to donate, to pay Membership subscriptions or to purchase other publications from us on-line, we will pass your payment card details securely to our payment provider. We comply with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council.

  1. Storing your personal data

We are wholly based in the UK and store data within the European Economic Area. If an organisation which provides data processing services to us does so under contract and is based outside of the EEA, we will only allow them to do so if your data is adequately protected.

  1. Retention of your personal data

We will only retain your personal data for as long as it is required for the purposes for which we collected it (e.g. we have a genuine and legitimate reason and we’re not harming any of your rights and interests).This will depend on our legal obligations and the nature and type of information and the reason for which we collected it. For example, should you ask us not to send you communications emails, we will stop storing your email address for such purposes; however we will need to keep a record of your preference. We will retain personal and financial data for a period of six years after the initial point of provision.

We continually review what information we hold and will delete personal data which is no longer required.

  1. Control of your personal data

Your rights

We want to ensure you remain in control of your personal data and that you understand your legal rights, which are:

  • the right to know whether we hold your personal data and, if we do so, to be sent a copy of the personal data that we hold about you (a “subject access request”) within one month;
  • the right to have your personal data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
  • the right to have inaccurate personal data rectified;
  • the right to object to your personal data being used for selective communications or profiling; and (where technically feasible) the right to be given a copy of personal data that you have provided to us (and which we process automatically on the basis of your consent or the performance of a contract) in a common electronic format for your re-use.

There are some exceptions to the rights above and, although we will always try to respond to any instructions you may give us about our handling of your personal information, there may be situations where we are unable to meet your requirements in full.

If you would like further information on your rights or wish to exercise them, please contact our Executive Secretary at the address below.

Should you wish to make a subject access request, we can provide you with a template form which includes guidance on how to do this. Please contact us for a copy of the template for a subject access request.

  1. Complaints

Should you have a complaint about how we have used (‘processed’) your personal data, you can complain to us directly by contacting the Executive Secretary s.carr@royalhistsoc.org in the first instance.

If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at http://www.ico.org.uk .

  1. Cookies

Our website uses local storage (such as cookies) in order to provide you with the best possible experience and to allow you to make use of certain functionality. Further information can be found in our Cookies Policy at:  https://royalhistsoc.org/privacy-cookies/

  1. Links to other sites

Our website contains links to other external websites. We are not responsible for the content or functionality of any such websites. Please let us know if a link is not working by contacting the Executive Secretary s.carr@royalhistsoc.org

If a third party website requests personal data from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by this privacy policy. We suggest you read the privacy notice of any other website before providing any personal information.

 

Changes to this privacy policy

We may amend this privacy policy from time to time to ensure it remains up-to-date and continues to reflect how and why we use your personal data. The current version of our privacy policy will always be posted on our website.

Any questions you may have in relation to this privacy policy or how we use your personal data should be sent to the Executive Secretary, email s.carr@royalhistsoc.org

This privacy was approved by the Trustees of the Royal Historical Society in May 2018 and will be reviewed no later than 2021.