The British Association of Remote Sensing Companies Privacy Policy

The following Privacy Policy describes how the British Association of Remote Sensing Companies referred to as the “BARSC” handles the personal information of our members, prospective members and visitors to our website.

The GDPR
The General Data Protection Regulation (GDPR) is a European Union (EU) privacy law that regulates how we at BARSC will store, process and use the personal information of people located in the EU. Personal data is defined as any piece of data that, used alone or with other data, could identify a person.

Collecting Anonymous Data
We collect data from our website to help us understand how many people access it, how it is used and whether there have been any technical problems. This does not contain any personal information and we cannot link this data to individual visitors. All the information we collect in this way is deleted periodically. The data we collect may include:

• the visiting IP address or proxy server IP address;
• domain name requested;
• the internet service provider’s name is sometimes captured depending on the configuration of your ISP connection;
• visit date and time;
• length of session;
• pages accessed;
• access visits within any month;
• referral website; and
• visiting computer operating system.

Cookies
Cookies are files which can be stored on your computer when you visit a website. These files contain information about the web pages you look at so that the next time you visit the site it can be customised to meet your needs – for more information, please visit: www.allaboutcookies.org You can reject cookies by changing your browser settings but be aware that this may disable some or all of the functionality on our web site.

Collecting Personal Data
We collect personal information only when you specifically and knowingly give it to us, for example by filling out an online form, giving our representatives your business card, connecting to us through a company account on social media or by sending us an email. We record the date and time when you give us this information and keep track of where we send it.

We will use the personal information you give us for the reasons stated when you provided it. We will only use it for other reasons where legally we must or where this is allowed by law.

Data Protection Principles
We will collect, process and use personal data according to six data protection principles:

• that we have processed the data lawfully, fairly and transparently;
• that we collected the data only for specific legitimate purposes;
• that the data is adequate, relevant and limited to what is necessary;
• that the data is accurate and that we take reasonable action to keep it up to date;
• that the data is stored only for as long as is necessary; and
• that we ensure appropriate security, integrity and confidentiality for the data when it is stored and transferred.

Consent to Use Your Personal Data
If you are an EU citizen, we need to have your consent to process your personal data. For it to be verifiable consent, we require a written record of when and how you agreed to let us process your personal data. The consent that you provide to us must be unambiguous and involve a clear affirmative action.

Your Data, Your Rights
Again, if you are an EU citizen, under the GDPR, you have the right to ask us for details about the way BARSC uses your personal data and you can ask us to do certain things with that data. These include:
• correct your personal data;
• prohibit the use of your personal data for certain tasks;
• remove your personal data from our records completely; or
• ask how your personal data is being use.

Where we Use your Data
When you give us consent to use and store your data we will use that information to:
• manage contracts between our and your company;
• provide you with marketing information about BARSC
• products and services (you can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself); and
• respond to requests by government, a court of law or enforcement authority in the pursuit of their investigations.

Keeping Your Personal Information
We retain your personal information for as long as is necessary to provide the services to you and others, and to comply with our legal obligations. If you no longer want us to use your personal information you can request that we erase your personal information. Please note that if you request the erasure of your personal information we will retain information from deleted accounts as necessary for our legitimate business interests, to comply with the law, prevent fraud, collect fees, resolve disputes, troubleshoot problems, assist with investigations, enforce the terms of service and take other actions permitted by law. The information we retain will be handled in accordance with this Privacy Policy.

Accessing your Data
To make an access or correction request, contact our Privacy Data Officer in writing to British Association of Remote Sensing Companies, c/o Quarry One Eleven Ltd. Unit 12b, Surrey Technology Centre, Guildford GU2 7YG or by using the email address privacydataofficer@barsc.org.uk

Updating this policy
We will periodically need to change this policy to comply with the latest legal requirements and any changes to our privacy management practices. When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on the Geological Remote Sensing Society website.

General
For the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”), we are a ‘data controller’ of your personal information.

If you have unresolved concerns, you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred. In the UK, this is the Information Commissioner’s Office

Both personal information and personal data have the same meaning in the context of this Privacy Policy.