Privacy Information

What is Privacy Information?

Information for you about why and how your personal data is processed by PHIREmedical.

Background information:

When we say PHIRE, we mean PHIREmedical or Physicians’’ Health Initiative for Radiation and Environment.

We are not registered as a data controller with the Data Commissioners Office as we have a charity exemption.

Our only business is to increase awareness and education regarding health effects of non-ionising radiation. We don’t trade, swap, share or make money from personal data. This includes that we do not share information outside of PHIRE staff with any other staff, including RRT. Data protection law gives you rights, and we want to make sure we’re doing right by you. If you have any questions, concerns or requests about your data, please do get in touch with us: https://phiremedical.org/contact/

The sections below describe how your personal data is processed according to the relationship between you and PHIREmedical. If you think there is any info missing, unclear or incorrect then please so we can fix it.

The sections below tell you about the details of how personal data is processed by us.

When you use this website:

ePrivacy details:
We do not use any cookies on this website to be creepy. The only first party cookie that is in place is:

Domain Name Value Expires on
phiremedical.org PHPSESSID   0344e5d85186440b38ed… Session

This cookie is a session ID for when you move from page to page that we remember who you are and is set by our hosting provider.  Once you leave our website, it ends. You can block it yourself via the browser if you do not want to remember you at all.  We are interrogating if we actually need this cookie with our hosting provider and attempt to remove all unwanted cookies as soon as possible.

Trackers

We also use some third-party services to enhance the functions of the site, which result in trackers being active. These don’t set cookies but they do send reporting data to the third party when you land on the page. You can block tracking of your online activity by using a tool such as PrivacyBadger, uBlockOrigin or Ghostery.

Data goes to:

  • Google: The site uses Google Fonts – we are about to oust Google from our website but please bear with us.
  • Facebook: The site has the Facebook feed to ensure you receive the most up to date information from our Phire Facebook Group. We are looking at alternatives to use by providing a newsletter rather than via Facebook but this will take time to improve.

Personal data use

We will process your personal data to:

1. Keep the site secure and problem-free

How:
Our web hosting provider keeps logs of connections to this site so that we can detect and prevent malicious activity. The logs contain your IP address (which can reveal your geographical location), the date and time of your connection, the pages you’ve visited in what order and for how long, and the browser you’re using (which can reveal the device you’re using as well). We make no use of this data on an individual level unless the traffic looks like an attack, in which case we will block the connection.

Site traffic logs are kept for 3 months then deleted. If we’re investigating suspicious activity then we’ll keep the traffic logs for the time period until the investigation is over.

Why:
It’s in our interest – and yours – that our site is secure and working properly, so this processing of personal data is done on the basis of legitimate interests. We’ve done an assessment of this interest and how we balance that with your rights and freedoms. You can ask us for a copy of this assessment.

You have the right to object to this processing, in which case we will review the assessment and consider whether the security and performance of the website would be at risk if we stopped processing your data in this way.

2. Respond to ‘Contact us’ requests

How:
When you use the ‘Contact Us’ form to get in touch, the data is sent to us automatically by email from the web server. The data stays on the web server for a month in case the email service is interrupted, then is deleted automatically.

Why:
It’s useful for both Phire and you, for us to be able to respond quickly and easily to enquiries, so this processing of personal data is done on the basis of legitimate interests. We’ve done an assessment of this interest and how we balance that with your rights and freedoms. You can ask us for a copy of this assessment.

You have the right to object to this processing, in which case we will review the assessment and consider what the impact to you and Phire would be if we stopped processing your data in this way.

3. Understand how the website is used

We only use the data that is sent to us in order to answer your questions or queries or for you to sign up to our consensus statements. Please see other sections within this notice. The website is only used as a tool for contacting us via the internet.

Why did we get in touch?

If you’ve been contacted by PHIREmedical then it is likely to be a response to a question you’ve asked or to update on a current Initiative that you’re involved with.

If you do not invite us to get in touch by asking a question or ticking the ‘Yes, please update me’ box, then we will not contact you.

If you have any concerns about this processing, please don’t hesitate to contact us at https://phiremedical.org/contact/

If you signed the 2020 Consensus Statement:

If you signed up to the statement, we will have asked you if you would like to be updated with any responses that we receive.

If you ticked ‘Yes, please update me’ box, then we will send them to you ask us to stop sending them.
You would also have an option to request that we message you with any other important information. If you ticked ‘Yes’, then you may also very occasionally receive other messages about our work. We rarely message, but if you ask us to stop sending these messages, then we will immediately.

PHIRE does not use any trackers or cookies.

If you correspond with PHIRE for other reasons:

If you email us directly rather than using the ‘Contact Us’ form on the website, we’ll use the data you’ve included to respond to your message. We will keep your message in a mailbox which can only be accessed by PHIRE staff who have signed a ‘confidentiality agreement’. In doing this they promise never to share your data with any third party, unless someone’s life would be threatened by not doing so.

Your rights

Data protection law gives you rights to help you understand and control how personal data about you is used. This section explains what these rights are and what PHIRE has in place to help you exercise them.

Your rights are:

To be informed about our processing:

You have the right to have a clear explanation of the processing of your personal data provided to you – we hope that’s what we have achieved with this privacy information.

To have access to your data and details of our processing:

Exercising this right is known as “making a subject access request:
You have the right to ask us:

  • whether we are processing your personal data
  • why we are doing so
  • under what lawful basis we are processing your data
    the categories of personal data about you which we are processing
  • whether the data is being sent outside the EU
  • the names of any other Data Controllers your data has been passed to, and the purpose and lawful basis for the transfer
  • how long we’re going to keep the data, or what criteria we’ll use to decide whether to keep it
  • for a copy of the data we are processing.

You can request a ‘subject access request’ a phone call, a social media message or an email are also ways of making the request. We’ll need to ask you for some information to make sure the request is valid though.

To object to some processing:

Objecting to direct marketing
We do not currently do any data marketing.

If we consider that we have compelling interests that outweigh your preferences (which might be to keep our IT systems secure, or maintain auditing and accounting records) then we will explain our reasoning to you.

You have a right to have some data deleted:

This right is sometimes referred to as “the right to be forgotten”. It only applies in narrow circumstances, where:

  • you have withdrawn your consent and there is no further legitimate interest in continuing to process the data,
  • your objection to our processing under legitimate interests outweighs those interests,
  • the processing of your personal data is no longer necessary,
  • there is a law that requires the data to be deleted, or
  • the processing is unlawful (we work hard to make sure this is never the case!)
  • you have the right to have your data erased from our systems and files.

We can’t erase any data which we are required by law to process, but we will highlight and explain this to you if your request includes this data.

You have a right to limit how your personal data is used:

Under some circumstances, you can limit how your personal data is used by us
If –

  • the personal data we are processing is inaccurate
  • our processing is unlawful
  • the data is no longer necessary for the original purpose of processing but needs to be kept for potential legal claims, or
  • you have objected to processing carried out under legitimate interests and we’re still in the process of determining whether there is an overriding need to continue processing

You have the right to restrict the processing. This means that the data will only be processed:

  • with your consent,
  • for the establishment, exercise or defence of legal claims, to protect someone else’s rights, or
  • if there is an important public interest justification for processing

You have a right to have some of your data taken elsewhere:

The right of data portability says that you can ask for any data that we process by automated means (which means ‘using a computer’) which:

  • you provided to us either on the basis of consent or
  • because it was necessary for a contract that you are directly a party to;

-to be provided back to you in a computer-based format, or sent directly to another Data Controller.
This is mostly intended for you, the individual end user or consumer, to be able to switch providers without your data being held hostage.

You have a right to query automated decision making:

We don’t do any automated decision-making or automated profiling, but if we did, you would have the right to ask us to explain the logic behind any such decisions and for the decision to be reviewed by a human being, if the decision had an effect on your rights or freedoms.

You have a right to have data corrected:

Rectification
If any of the data we hold on you is inaccurate or out of date, please let us know so that we can correct it as quickly as possible.

Complaints

If you’re not happy with any aspect of how we process your personal data, please let us know so that we can make things right. If you’re not satisfied with our response, you can make a complaint to the Information Commissioner’s Office.