Privacy & Cookie statement
This policy explains what information we gather when you visit the websites of the Amateur Entomologists' Society (AES), and how that information may be used. The Amateur Entomologists' Society is a UK registered charity (number 267430) and our postal address is:
The Amateur Entomologists' Society,
PO Box 8774,
The society can be contacted at: email@example.com
This policy applies only to data collected through direct access to the Amateur Entomologists' Society websites: www.amentsoc.org, shop.amentsoc.org and www.entrecord.com. In addition, our online shop is provided by a third-party and their access to data is also outlined below.
- Data collected to provide goods and services
- Data retention
- Data collected automatically when you visit our website
Data collected to provide goods and services
In order to supply our goods and services (such as someone joining the society or purchasing a book) we will need to request some information from you (for example, your name and a delivery address). Data collected from shop customers or as part of the membership application process for the AES and/or Bug Club requires your interaction with third-parties.
When using our website or online shop the connection is encrypted (https) and details of the encryption can be viewed in the web address bar of your browser.
Lawful basis for processing data collected via our websites
- Purchasing items (including membership) from our online shop - Contract
- Data submitted via the feedback form - Legitimate Interests
- Data submitted via the event submission form - Legitimate Interests
- Data submitted via the link suggestion form - Legitimate Interests
- Members' only area (sign-up an access) - Legitimate Interests
- Members' only mailing list - Consent (double opt-in)
- Members' list (when published) - Consent
In the case of processing under 'Legitimate Interests' this covers situations where you would reasonably expect us to process your data. For example, if you contact the society with a question about entomology then we need to use the email address you supplied to reply to you. The society maintains Legitimate Interest Assessments.
At all times the Amateur Entomologists' Society operates in accordance with the General Data Protection Regulation or the current UK data protection legislation. In addition, members are advised of data protection issues pertaining to membership of the society at the time of sign-up and also annually by the Registrar.
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please contact us.
We want to make sure that your personal information is accurate and up to date. You may ask us to correct information you think is inaccurate. In the case of the online shop and email newsletter then the data is supplied by you and remains in your direct control. You can log back in to the online shop and newsletter service and correct/update your information as appropriate.
In the case of your rights when data is processed as part of a contract or based on your consent then you have the right to have your data erased, to data portability and, in the case of consent, to withdraw consent. Where we use Legitimate Interests then you have the right to have your data erased and to object to any processing - although in both cases this could prevent us from completing the original request you made when supplying us with the data.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Registrar who will investigate the matter. If you are not satisfied with our response you can complain to the Information Commissioner's Office (ICO).
The society provides membership to children as members of the Bug Club or as junior members of the society. Under 18s must ask a parent or guardian to complete their membership application. Orders via our online shop must also be completed by someone over the age of 18 and payment via PayPal (the only form of online payment we accept) must be made by someone over 18 because PayPal cannot be used by anyone younger than 18.
Our junior members are not eligible for inclusion in our membership list. Junior members can access the members' only area of the website and mailing list but only when access is requested/established by their parent/guardian.
Where we need to allow third-parties to process your personal data we ensure in advance that stringent data protection arrangements are in place. For example, address labels provided to the printing firms who mail out members' journals are sent electronically in encrypted form and the printers delete them once used for a mailing. Certain personal data are also available to the society through PayPal payments.
In some cases, such as sending postal addresses to printers to enable the mailing of journals to members, we need to transfer your data to contracted third-parties. In these cases the data is encrypted before transfer and transferred securely. The data is then destroyed by the third-party when it is no longer needed.
Please note that we are legally required to retain financial data for six years and in some cases longer, e.g. to retain proof of eligibility for Gift Aid. In the case of long-standing members, correspondents and volunteers (in particular, trustees and officers of the society) their data (including in a few cases relevant sensitive data) may be archived securely for legitimate interest historical or statistical purposes, including for example to enable us to confer honorary life memberships.
Emails sent to the society will be held for a maximum of six years unless they are needed for legitimate interest historical purposes, to prove consent to processing or for statistical purposes. If you have provided contact information with an event listing then this will be removed from the website after the event but we will retain the details in our database until one year after the event before being erased. The data will be stored in our secure backups for a further three months before being permanently erased.
Records allowing access to the members' only area of the websites and the email newsletter will be deleted one year after your membership expired (to allow late renewals).
www.amentsoc.org and www.entrecord.com
In some circumstances the websites may contain personal data, such as contact information for an event or access details for the members' only area. This data is backed up daily. Backups are encrypted and securely copied from the server to another server provided by Amazon within their data centre in Ireland. The server storing the backups itself uses an encrypted disk. Backups are stored for three months before being automatically deleted.
In addition to these backups, the web host used for the main website (Webfaction) take their own backups but we do not have access to these.
Our online shop is provided by a third-party, Bluepark, and they take their own backups of data held in the shop but we do not have access to these.
Data collected automatically when you visit our website
As with the vast majority of websites, the AES websites automatically log certain information about every request made. If available to us, this information can be used for system administration, security, bug tracking, and for producing usage statistics. The logged information may be kept indefinitely but, on its own, cannot be used to identify individuals (except if you provide us with that data, e.g. via a contact form, or have set up your system to provide this specific information).
Data may, on occasion, be passed to the administrators of other computer systems to enable investigation of abuse or security issues. Otherwise the logged information is not passed to any third-party except if required by law. Summary statistics may be extracted from this data and some of these may be made publicly available but will not be used to identify individual persons.
We have access to the server logs for www.amentsoc.org and www.entrecord.com but not for shop.amentsoc.org.
The following data is automatically logged by the Web server each time you request a document (HTML file, an image, download a PDF etc.):-
- The name or network address of the computer making the request. Note that under some (but not all) circumstances it may be possible to infer from this the identity of the person making the request but this is usually under the user's control. Note also that the data recorded may be that of a web proxy rather than that of the originating client.
- The date and time of connection.
- The HTTP request, which contains the identification of the document requested.
- The status code of the request (success or failure etc.).
- The number of data bytes sent in response.
- The contents of the HTTP Referrer header supplied by the browser.
- The content of the HTTP User-Agent header supplied by the browser.
- Your username (as supplied by the AES) if you are an AES member and access the members' only area of our website.
Logging of additional data may be enabled temporarily from time to time for specific purposes.
The AES uses Google Analytics to anonymously monitor site usage. This information helps, amongst other things, us identify areas of the site that are popular (or unpopular) and what browsers and web devices the site should support. As an organisation run by unpaid volunteers being able to prioritise our efforts in particular areas is very important - the anonymous data obtained from analytics cookies is vital for this prioritisation process.
Google Analytics on the AES website, Entomologists' Record and online shop is configured to anonymise IP addresses before sending usage data to Google.
Cookies (small files stored on your computer's hard drive) are used on the AES website.
If your web browser allows the setting of cookies then the AES website may set the following (first party) cookie:
- BPSESSID and PHPSESSID - these are used in our online shop (URLs starting with: shop.amentsoc.org) to store information, such as the contents of your shopping basket. The cookies are essential to the operation of the shop. Please note that BPSESSID is valid for 24 hours and PHPSESSID is only valid for your session and is deleted when you close your browser.
We use Google Analytics to collect anonymised usage statistics. No individuals are identified in this process but the analytics does require the setting of these cookies:-
Should you wish to prevent these cookies being stored then this can be accomplished by changing your browser settings.