- Who are we?
- Our third party processors
- Your rights
- What information do we collect about you?
- How will we use the information about you?
- Site visit information
- Plugins and tools
- Other Websites
- How to contact us
1. Who are we?
This website is run by SuperSTEM, the EPSRC National Facility of Advanced Analytical Microscopy.
SciTech Daresbury Campus
Daresbury WA4 4AD
SuperSTEM complies with its obligations under the EU General Data Protection Regulation 2018 (GDPR) by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
2. Our third party processors
We have carefully chosen third party data processors to process data on our behalf and who are responsible for achieving their own GDPR compliance.
- Our website and cloud IT services are hosted by Google LLC (from here on "Google"), USA, with whom we have signed a data processing agreement. Read here about their GDPR compliance. Google are certified under the EU - U.S. Privacy Shield framework to transfer to and process your data on their servers in the USA.
3. Your rights
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which SuperSTEM holds about you (the right of access);
- The right to request that SuperSTEM corrects any personal data if it is found to be inaccurate or out of date (the right to rectification);
- The right to request your personal data is erased where it is no longer necessary for SuperSTEM to retain such data (the right to be forgotten);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing. This means we retain your personal data but are not allowed to use it (the right to restrict processing);
- The right to request (where applicable) that SuperSTEM provide you with your personal data and where possible, to transmit that data directly to another data controller (known as the right to data portability)
- The right to object to the processing of personal data where the lawful basis of holding it is legitimate interest of SuperSTEM;
- The right to withdraw your consent to the processing of personal data at any time where the lawful basis of holding it is explicit consent;
- The right to lodge a complaint with the Information Commissioner’s Office (contact details see below).
4. What information do we collect about you?
In running and maintaining our website we, or our third party data processor on our behalf, may collect and process the following data about you:
- Information provided voluntarily by you. For example, your personal data when you register for an event or make use of an online form, or other information from you as part of a survey or questionnaire
- Information we or our third party data processors collect about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes e.g. system logs recording IP address, browser type or time of visit
- Information that you provide when you communicate with us by any means.
5. How will we use the information about you?
Sending information over the Internet is generally not completely secure. However, while you browse our website your interactions with our website are protected via an HTTPS connection, which provides encryption of the data stream going back and forth.
(Purpose and legal basis) We provide several user forms for the purpose of collecting and documenting user comments, complaints, surveys, publications and similar. The legal basis for the processing of the information that you provide is your explicit consent.
- USER COMMENTS OR SURVEYS
- (What, where and how) If you choose to leave a user comment or respond to a survey, your name and comments will be stored in our Google Drive on servers of our third party data processor Google LLC (see section Third Party processors below) and in our internal IT systems. We may use your comments anonymously on our website or in printed or online media, e.g. reports to EPSRC.
- (Retention) We will keep the information for the duration of the SuperSTEM facility being contracted by EPSRC unless you request it to be removed. You can do this at any time by sending us an email.
- (What, where and how) If you choose to leave a formal user complaint, your name, email address and your grievance will be collected and stored in our Google Drive on servers of our main third party data processor Google LLC (see section Third Party processors below) and in our internal IT systems. We may have to share your personal data with EPSRC or, in the worst case, laywers.
- (Retention) We will keep the information for five years.
- SUBMIT PUBLICATION
- (What, where and how) If you choose to submit the details of a publication (paper, poster or talk) that was the result of your sessions here at SuperSTEM the information will be stored in our Google Drive on servers of our main third party data processor Google LLC (see section Third Party processors below) and in our internal IT systems. We will use your data either for our online research paper publication list and/or in our research facility statistics, reports and outreach media, printed or online.
- (Retention) We will keep the information for the duration of the SuperSTEM facility being contracted by EPSRC unless you request it to be removed (as long as the information is not in the public domain). You can do this at any time by sending us an email.
- (Purpose and legal basis) SuperSTEM runs events from time to time, e.g. the SuperSTEM summer school. In order or manage these events we need to know personal details of participants for the purpose of keeping participants informed, or arranging catering, accommodation or transport. During the registration process we may invite you to join a SuperSTEM contact list in order to keep you informed about news and future events at SuperSTEM. The legal basis for the processing of the information that you provide is contractual (processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract) and consent in the case of joining SuperSTEM's newsletter list.
- (What, where and how) For registration we provide user forms collecting, e.g. name, title, institution, email address, phone number, gender (if we provide shared accommodation for participants), or dietary requirements. This information will be stored in our Google Drive on servers of our third party data processor Google LLC (see section Third Party processors below) and in our internal IT systems. We will share part or all your personal data (as necessary) with caterers, hotels, transport services (taxi, train lines, airlines), SciTech Daresbury Campus Business Support and Security Services (for site access and WiFi), Royal Microscopical Society (RMS) Event Organisers (for collecting registration fees).
- (Retention) For general events, workshops and seminars we will store the information for the duration of the current research facility contract. For summer schools we will keep the names of the participants on file until the next the next summer school in order to prevent duplicate participation.
SuperSTEM E-NEWSLETTER LIST
- (Purpose and legal basis) Occasionally, we would like to inform you about events and services at SuperSTEM which may be of interest to you and your research. The legal basis for the processing of your personal data relies on your explicit consent.
- (What, where and how) If you choose to join the newsletter list, or other email lists, the email address (required) and your first and last name (optional) that you submit to us will be stored in our Google Drive on servers of our main third party data processor Google LLC (see section Third Party processors below). We will not share the contact list with anyone unless legally required to do so. Emails are sent over the Simple Mail Transfer Protocol (SMTP). Our own SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. However, not all mail servers are secured in such a way. Therefore, we would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.
- (Retention) Your personal data will be kept until the email address bounces or you specifically request removal from the list . You can do this at any time by using the unsubscribe link contained in the footer of any email that we send you via this contact list, or using this form, or by requesting removal via an email. When requesting removal via email, please send your email to us, using the email account that is subscribed to the mailing list. We will have to store your email address on a blacklist to insure that we to do not contact you via email again.
6. Site Visit Information
Our chosen third party hosting company Google collects data in their server log files in the USA about your visit to our website as it is their legitimate interest for the purpose of providing a responsive service and forensic evidence in case of service disruptions or data breaches. The data may include the URL of the visited page, Referrer URL (the previous visited page), date, downloaded/uploaded files, amount of transferred data, your IP address, browser type and version, your operating system. We ourselves have no access to this data.
COOKIES AND TRACKERS
Our third party data processor Google that hosts our website uses Google Analytics to monitor user interaction. We have no access to this data. Subsequently, any requests for the retrieval of personally identifiable data that is recorded and stored by Google Analytics should be submitted directly to Google.
You can stop Google Analytics tracking you by:
7.Plugins and Tools
Some of our webpages use third-party services or software, such as maps, online videos or social networking features. Many of these services may set cookies on your device. Information about your use of our website, including your IP address, may be transmitted to and stored on servers in the United States.
We also provide the option to share news items and pages on Facebook. Our implementation of the Facebook "recommend" button you will only load the Facebook plugin by actually clicking on the button. Only then will Facebook record that your IP address has visited our website. If you do this while logged in to your Facebook account this information can be linked to your Facebook profile. You can prevent this by logging out of your Facebook account before clicking on a "recommend" button. The use of Facebook sharing is in the interest of maintaining information links with our research community and constitutes legitimate interest as lawful basis for the related data processing. Such data processing only occurs when you actually click on the video link, not before. By clicking on the Facebook button you agree to this data processing. You will find further information about the data privacy statement of Facebook on https://www.facebook.com/privacy/explanation.
8. Other Websites
9. How to contact us