Privacy Policy




This privacy policy explains how we use any personal information we collect about you when you use this website.

Topics:

  1. Who are we?
  2. Our third party processors
  3. Your rights
  4. What information do we collect about you?
  5. How will we use the information about you?
  6. Site visit information
  7. Plugins and tools
  8. Other Websites
  9. How to contact us
  10. Changes to our privacy policy

1. Who are we?

This website is run by SuperSTEM, the EPSRC National Facility of Advanced Analytical Microscopy.

SciTech Daresbury Campus

Keckwick Lane

Daresbury WA4 4AD

SuperSTEM complies with its obligations under the EU General Data Protection Regulation 2018 (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

2. Our third party processors

We have carefully chosen third party data processors to process data on our behalf and who are responsible for achieving their own GDPR compliance.

  • Our website and cloud IT services are hosted by Google LLC (from here on "Google"), USA, with whom we have signed a data processing agreement. Read here about their GDPR compliance. Google are certified under the EU - U.S. Privacy Shield framework to transfer to and process your data on their servers in the USA.

3. Your rights

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which SuperSTEM holds about you (the right of access);
  • The right to request that SuperSTEM corrects any personal data if it is found to be inaccurate or out of date (the right to rectification);
  • The right to request your personal data is erased where it is no longer necessary for SuperSTEM to retain such data (the right to be forgotten);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing. This means we retain your personal data but are not allowed to use it (the right to restrict processing);
  • The right to request (where applicable) that SuperSTEM provide you with your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability)
  • The right to object to the processing of personal data where the lawful basis of holding it is legitimate interest of SuperSTEM;
  • The right to withdraw your consent to the processing of personal data at any time where the lawful basis of holding it is explicit consent;
  • The right to lodge a complaint with the Information Commissioner’s Office (contact details see below).

4. What information do we collect about you?

In running and maintaining our website we, or our third party data processor on our behalf, may collect and process the following data about you:

  • Information provided voluntarily by you. For example, your personal data when you register for an event or make use of an online form, or other information from you as part of a survey or questionnaire
  • Information we or our third party data processors collect about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes e.g. system logs recording IP address, browser type or time of visit
  • Information that you provide when you communicate with us by any means.

5. How will we use the information about you?

Sending information over the Internet is generally not completely secure. However, while you browse our website your interactions with our website are protected via an HTTPS connection, which provides encryption of the data stream going back and forth.

USER FORMS

(Purpose and legal basis) We provide several user forms for the purpose of collecting and documenting user comments, complaints, surveys, publications and similar. The legal basis for the processing of the information that you provide is your explicit consent.

  1. USER COMMENTS OR SURVEYS
    • (What, where and how) If you choose to leave a user comment or respond to a survey, your name and comments will be stored in our Google Drive on servers of our third party data processor Google LLC (see section Third Party processors below) and in our internal IT systems. We may use your comments anonymously on our website or in printed or online media, e.g. reports to EPSRC.
    • (Retention) We will keep the information for the duration of the SuperSTEM facility being contracted by EPSRC unless you request it to be removed. You can do this at any time by sending us an email.
  2. COMPLAINTS
    • (What, where and how) If you choose to leave a formal user complaint, your name, email address and your grievance will be collected and stored in our Google Drive on servers of our main third party data processor Google LLC (see section Third Party processors below) and in our internal IT systems. We may have to share your personal data with EPSRC or, in the worst case, laywers.
    • (Retention) We will keep the information for five years.
  3. SUBMIT PUBLICATION
    • (What, where and how) If you choose to submit the details of a publication (paper, poster or talk) that was the result of your sessions here at SuperSTEM the information will be stored in our Google Drive on servers of our main third party data processor Google LLC (see section Third Party processors below) and in our internal IT systems. We will use your data either for our online research paper publication list and/or in our research facility statistics, reports and outreach media, printed or online.
    • (Retention) We will keep the information for the duration of the SuperSTEM facility being contracted by EPSRC unless you request it to be removed (as long as the information is not in the public domain). You can do this at any time by sending us an email.

EVENT REGISTRATION

  • (Purpose and legal basis) SuperSTEM runs events from time to time, e.g. the SuperSTEM summer school. In order or manage these events we need to know personal details of participants for the purpose of keeping participants informed, or arranging catering, accommodation or transport. During the registration process we may invite you to join a SuperSTEM contact list in order to keep you informed about news and future events at SuperSTEM. The legal basis for the processing of the information that you provide is contractual (processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract) and consent in the case of joining SuperSTEM's newsletter list.
  • (What, where and how) For registration we provide user forms collecting, e.g. name, title, institution, email address, phone number, gender (if we provide shared accommodation for participants), or dietary requirements. This information will be stored in our Google Drive on servers of our third party data processor Google LLC (see section Third Party processors below) and in our internal IT systems. We will share part or all your personal data (as necessary) with caterers, hotels, transport services (taxi, train lines, airlines), SciTech Daresbury Campus Business Support and Security Services (for site access and WiFi), Royal Microscopical Society (RMS) Event Organisers (for collecting registration fees).
  • (Retention) For general events, workshops and seminars we will store the information for the duration of the current research facility contract. For summer schools we will keep the names of the participants on file until the next the next summer school in order to prevent duplicate participation.

SuperSTEM E-NEWSLETTER LIST

  • (Purpose and legal basis) Occasionally, we would like to inform you about events and services at SuperSTEM which may be of interest to you and your research. The legal basis for the processing of your personal data relies on your explicit consent.
  • (What, where and how) If you choose to join the newsletter list, or other email lists, the email address (required) and your first and last name (optional) that you submit to us will be stored in our Google Drive on servers of our main third party data processor Google LLC (see section Third Party processors below). We will not share the contact list with anyone unless legally required to do so. Emails are sent over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.
  • (Retention) Your personal data will be kept until the email address bounces or you specifically request removal from the list . You can do this at any time by using the unsubscribe link contained in the footer of any email that we send you via this contact list, or using this form, or by requesting removal via an email. When requesting removal via email, please send your email to us, using the email account that is subscribed to the mailing list. We will have to store your email address on a blacklist to insure that we to do not contact you via email again.

6. Site Visit Information

HOSTING

Our chosen third party hosting company Google collects data in their server log files in the USA about your visit to our website as it is their legitimate interest for the purpose of providing a responsive service and forensic evidence in case of service disruptions or data breaches. The data may include the URL of the visited page, Referrer URL (the previous visited page), date, downloaded/uploaded files, amount of transferred data, your IP address, browser type and version, your operating system. We ourselves have no access to this data.

COOKIES AND TRACKERS

A "Cookie" refers to a small file that is downloaded onto your device (such as your computer, mobile phone or tablet) whenever you visit a website. These “Cookie files” allow the websites you visit to recognise your device and to gather information about your interaction with the website, as well as the device you are using. A Cookie, by itself, cannot be used to identify you. But in any case, we do not use Cookies on our website. You can always disable cookies in your internet browser.

Our third party data processor Google that hosts our website uses Google Analytics to monitor user interaction. We have no access to this data. Subsequently, any requests for the retrieval of personally identifiable data that is recorded and stored by Google Analytics should be submitted directly to Google.

You can stop Google Analytics tracking you by:

7.Plugins and Tools

Some of our webpages use third-party services or software, such as maps, online videos or social networking features. Many of these services may set cookies on your device. Information about your use of our website, including your IP address, may be transmitted to and stored on servers in the United States.

Google Maps

This website uses Google Maps to illustrate the location of SuperSTEM and surrounding areas and services as well as assist with how you get to us. This represents a legitimate interest as lawful basis for the related data processing. In order to provide this service certain information, including IP addresses will be transferred to Google servers in the USA. More information can be found in the Google privacy policy: https://www.google.de/intl/de/policies/privacy/.

Google Fonts

In order to achieve a streamlined layout this websites uses web fonts that are provided by Google. This constitutes a legitimate interest as lawful basis for the related data processing. When you view our website your browser will load the required fonts from Google servers in the USA in its browser cache (if your browser does not support web fonts it will display a default font instead). By doing so Google will learn of your IP address. More information regarding Google Web Fonts can be found in https://developers.google.com/fonts/faq und in the Google privacy policy: https://www.google.com/policies/privacy/.

YouTube

Our website provides access to educational YouTube videos. YouTube is owned by Google. Our implementation of YouTube videos will only load the YouTube plugin when you click on it. This action also informs YouTube of your IP address and which of our pages have been visited by your IP address. If you are logged into your YouTube account this information can be linked to your YouTube profile. You can prevent this by logging out of your YouTube account. The use of YouTube is in the interest of an inspiring illustration of our research and constitutes legitimate interest as lawful basis for the related data processing. Such data processing only occurs when you actually click on the video link, not before. By clicking on the YouTube plugin you agree to this data processing. More information about the treatment of user data can be found in the YouTube privacy policy: https://www.google.de/intl/de/policies/privacy.

Facebook

We also provide the option to share news items and pages on Facebook. Our implementation of the Facebook "recommend" button you will only load the Facebook plugin by actually clicking on the button. Only then will Facebook record that your IP address has visited our website. If you do this while logged in to your Facebook account this information can be linked to your Facebook profile. You can prevent this by logging out of your Facebook account before clicking on a "recommend" button. The use of Facebook sharing is in the interest of maintaining information links with our research community and constitutes legitimate interest as lawful basis for the related data processing. Such data processing only occurs when you actually click on the video link, not before. By clicking on the Facebook button you agree to this data processing. You will find further information about the data privacy statement of Facebook on https://www.facebook.com/privacy/explanation.

8. Other Websites

Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.

9. How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you:


10. Changes to our privacy policy

We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on 14 May 2018.