Privacy Notice

De Morgan House operates under the London Mathematical Society (LMS), a registered UK Charity (no. 252660) and the UK’s learned society for mathematics. Its purpose is the advancement, dissemination and promotion of mathematical knowledge, both nationally and internationally. The LMS is registered with the Information Commissioner’s Office (Reg no: Z6256165). The Society’s Data Protection Officer is the Executive Secretary.

The following people are affected by the LMS processing their personal data for a variety of purposes and under different legal bases

• LMS Employees
• People who use LMS products, services and activites
• People who contact the LMS
• De Morgan House Clients (internal and external)
• Visitors to De Morgan House
• Website Users and visitors

We process the following types of personal data listed below. However, we do not process all types of personal data for everyone. We process specific types of personal data for particular purposes e.g. we will collect and process National Insurance numbers from employees and trustees to meet our legal obligations.

Categories

• Personal details – name, date of birth, gender, National Insurance numbers
• Contact details – address, email address, telephone number, fax number, emergency contact details
• Financial details – bank account details, card payment details, tax details
• Employment details – CV’s, current and previous employers, references, salary details
• Education and Training details – Qualifications (professional and academic)
• Images – CCTV, photographs
• IP addresses – collected via Cookies

Special Categories of data

• Health details – dietary requirements, access requirements, allergies
• Identification details – passports, proof of identity, visas and work permits
• Criminal convictions
• Religion

We process personal data to enable us to fulfil our charitable objectives; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.

In particular, we use personal data for the following purposes:

• To manage our products and services offered online and face-to-face for members, event participants, grant applicants/holders, volunteers, customers.
• To manage our contractual and legal obligations, including those affecting LMS staff and LMS Gift Aid donors.
• To manage our business activities, including De Morgan House Conference facilities, commercial and residential activities.
• To manage our communications (including direct marketing) with our internal and external stakeholders, including members, staff, volunteers, donors and business contacts.
• To manage our fundraising and development activities, including regular and potential donors.
• To manage the security of De Morgan House, including the use of CCTV.
• To manage our website, database and website resources.

Under both the UK GDPR and the EU GDPR, we process personal data under at one of six legal bases:

1. Consent – With the Consent of the Data Subject
   • E.g. we rely on consent to send direct marketing material by email to you.
2. Contract – To perform our duties to fulfil a contractual obligation
   • E.g. we rely on contract to provide conference facilities to data subjects.
3. Legal Obligation – To meet a meet a legal obligation
   • E.g. we rely on legal obligation to disclose information to HMRC for tax and gift aid purposes.
4. Legitimate Interests – To fulfil a legitimate interest of the LMS (on the understanding that it does not override the interests of the data subject)
   • E.g. we rely on legitimate interests to facilitate bookings to support the LMS.
5. Vital Interests – To protect the vital interests of data subjects.
   • E.g. we rely on vital interests in the event that someone needs emergency medical treatment.
6. Public Task – To process personal data in the exercise of official authority or to perform a specific task in the public interest that is set out in law
   • We do not rely on this legal basis because we are not a public authority nor do we exercise official authority or carry out tasks in the public interest.

For most of our processing of personal data, we use Legitimate Interests and Contract as our legal bases.

Our legitimate interests for processing personal data are so that we can fulfil our objectives on behalf of the London Mathematical Society; advancing, promoting, disseminating and engaging with mathematics, on behalf of the mathematical community in the UK.

Examples of legitimate interests include:

• Maintaining the safety and security of those working in and visiting De Morgan House.
• Developing and maintaining contact with stakeholders to help realise the LMS’ charitable aims.

In most cases, your personal data will not be disclosed without consent, except where it is your interests and other situations as required by law e.g. staff salary details are shared with HMRC for tax purposes. When we do share your personal data, we take care to share the relevant details needed and not share more personal data than required by the circumstances.

Examples of organisations with whom we may share your data include:

• WorldPay, GoCardless.com, NatWest, American Express to process payments made to and by the LMS.
• HMRC, University of London, University Superannuation Scheme to manage LMS Staff payroll and pensions.
• Waat.eu, Imperial College to manage our website and IT systems.
• Google Analytics to monitor the use of our websites.
• Charity Commission and Moore Kingston Smith LLP to comply with legal obligations.
• Building managers and Estate Agents to manage commercial and residential tenancies.
• Emergency services to provide assistance in emergencies.

Examples of individuals with whom we may share your data include:

• LMS Council and Committee members to carry out Committee activities e.g. assessing grants applications, organising events, discussing committee business
• External event organisers to manage events.
• LMS First Aiders/Fire Marshalls to provide assistance, as required.

You have the following rights regarding your personal data when it is processed by any organisation.

1. The Right to be informed about how we collect and process your personal data, including our purposes. We inform you of our data processing and its purposes via Privacy Statements at the time of collection, which link to this Privacy Notice. If we have collected your data from another source, we will provide you with this Privacy Notice as soon as possible.
2. The Right of Access to your personal data so that you are aware of and can verify the lawfulness of our processing of your personal data.
3. The Right to Rectification of your personal data. While we try to keep our data as accurate as possible, we will rectify inaccurate personal data, or complete if it is incomplete.
4. The Right to Erasure (also known as ‘the right to be forgotten’). You have the right to have personal data erased, in particular circumstances.
5. The Right to Restrict Processing your personal data. When processing is restricted, we are permitted to store your personal data, but not use it.
6. The Right to Data Portability obtain and reuse your personal data, which you have provided to us, for your own purposes across different services. It allows you to move, copy or transfer your personal data easily from one IT environment to another in a safe and secure way, without affecting its usability.
7. The Right to Object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
8. The right to withdraw consent (if applicable). Where we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.

You can contact us about any of the above rights, including withdrawal of consent by emailing us – privacy@lms.ac.uk

We will respond to your requests within one month and where we cannot comply with the request, we will contact you within in one month and explain our reasons. If appropriate, we will ask you to provide proof of identity or entitlement to access/change personal data.

The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. You have the right to report a concern to the Information Commissioner’s Office and you can do so here: https://ico.org.uk/concerns/

Most of the personal data collected by the LMS have come from data subjects themselves. For example, when we receive an enquiry for a booking and/or when we are contacted by the data subject. Some personal data is collected by LMS from publicly accessible sources, for example, from academic/professional web pages.

Sometimes, we have to process personal data to fulfil contractual obligations e.g. to provide membership services. If personal data is not provided then we will not be able to provide these services. Sometimes, we have to process personal data to fulfil statutory obligations e.g. to provide HMRC with employees’ tax details. If personal data is not provided then we cannot fulfil these statutory obligations and both the LMS and the individual may face penalties under other legislation.

When someone visits www.demorganhouse.org.uk, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns e.g. the number of visitors to the different parts of the website. The information is processed in a way which does not identify anyone and we do not attempt, and do not allow Google to make any attempt, to find out the identities of those visiting our websites. If we do want to collect personally identifiable information through our websites, we will make this clear when we collect personal information and will explain what we intend to do with it.

Personal data provided by a client e.g. name, company address and email will be stored used to provide services for that client’s booking. Visitors to De Morgan House (57-58 Russell Square, London, WC1B 4HS) will be asked to sign in and out of the building to comply with Health & Safety regulations.

Visitors to De Morgan House should be aware that the premises are monitored by CCTV cameras.

When individuals apply to work at the LMS, we will only use the information they supply to us to process their application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference, we will not do so without informing them beforehand unless the disclosure is required by law.

Personal information about unsuccessful candidates will be held for 12 months after the recruitment exercise has been completed, it will then be destroyed or deleted. We retain anonymised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.

Once a person has taken up employment with the LMS, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with the LMS has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.

Phone: When you call the LMS, we do not record our calls.
Email: Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

The LMS offers various services, products and activities to its members and the public.

We use a third party, Google.com for online surveys. For more information on how Google processes data, please see the privacy policy here.

We have to hold the details of the people who have requested a service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might send information about people who have registered for an event to the venue for the event so they know who is at the venue in case of an emergency.

When people do subscribe to our services or register for our events, they can cancel their subscription or registration at any time and are provided with an easy way of doing this.

The LMS tries to meet the highest standards when collecting, holding and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of the LMS’ collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address detailed in the How to contact us? section of this document.