Sign up for Newsletter Join Today Login
Join Today Login

Nuclear Institute Privacy Policy

This Privacy Policy outlines how the Nuclear Institute (NI) collects, stores, processes, and shares personal data in compliance with the General Data Protection Regulation (GDPR), effective from May 25, 2018. It applies to all members, customers, and stakeholders who interact with the NI, ensuring transparency in how we handle your personal information. 
 
This Policy replaces all previous versions. It gives details of the items of personal data that we collect from members and customers and explains how we store and process your data. It also sets out the rights you have in relation to any personal data you choose to share with us. 

The policy includes an events sharing data clause in Appendix 1.

This Policy was last updated in December 2024.

 

Definitions 

  • Personal data – information such as your name, email address, telephone numbers, home and work addresses. For members who pay their subscriptions by direct debit this may also extend to bank account details. For event bookings, job title, credit card number if supplied, purchase order numbers and details of accounts payable contacts are included. 
  • Data controller – the Nuclear Institute. 
  • Data processor – the NI’s staff, some volunteers and some of our suppliers e.g. mailing house. A list of the latter is given at the end of this Policy. 
  • Legitimate Interest - The legal basis under GDPR that allows the NI to process personal data when it is necessary for the purposes of legitimate interests pursued by the NI or a third party, provided that these interests are not overridden by the individual’s rights and freedoms. 

It is our policy to meet three requirements in relation to collection and use of your data: 

  • to collect the minimum amount of data necessary to meet your needs as a member/customer of the Nuclear Institute 
  • to collect data that enhances your engagement with us as a member/customer 
  • to safeguard the data we hold about you to the best of our ability. 

 

To do this we have data procedures in place that are followed by staff and volunteers alike and hereby provide access to the data protection policies of our suppliers. We also provide below the relevant procedures for you to either make a complain/raise a concern and to make a Subject Access Request (SAR). We provide training to our staff and volunteers and the latter are required to sign a data processor contract with us if they are permitted to handle members’ data. 

Personal data we collect and store

We adhere to the GDPR principle of data minimisation, ensuring that we collect only the personal data necessary to fulfil your needs as a member or customer of the Nuclear Institute. As well as core details like name, address, email, phone, date of birth, gender, membership grade, job title, employer and bank details, we may also collect data on your dietary and access requirements and your qualifications, other registrations and experience. This could include a CV, current and past employment details, organisation chart, your signature, and name and contact details of your proposers/referees. Proposers and referees also have the same rights over their data as our members and customers and may request its removal at any time. Their data is only used for the purposes of confirming the suitability of applicants for professional membership. 

We may collect sensitive data, such as dietary and access requirements. This information is collected solely with your explicit consent and used only for the purpose of event organisation. 

The majority of this information is stored electronically in our Customer Relationship Management (CRM) system but we also hold hard copies of your original membership applications for Members and Fellows. Historically our data has included passport numbers which we stopped collecting in 2017.  

Other data that you are invited to submit through our membership portal (MyNI) includes mailing preferences, selection of branch and special interests. For event bookings some events require us to keep a hard copy of your completed booking form otherwise this is held electronically. 

All of this information is collected in an effort to give you the best experience as a member or customer. 

Data retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Membership records are kept for 8 years post-lapse, while event-related data is retained for 3 years following the event. 

What we do with your data

For professional membership applications your data is shared with a limited number of assessors/interviewers involved with reviewing your application. For those also registering with our licensing bodies – Engineering Council, Science Council and Society for the Environment– we supply a limited amount of data to them in relation to your registration. More information can be found in their privacy policies (see below). 

All volunteers count as Data Processors under GDPR and are required to sign a contract which specifies how they must use any data provided to them by the Nuclear Institute. No data is held outside the NI’s central system and data is provided from HQ to volunteers on an ‘as needed’ basis. It must be destroyed after use and a new list provided for future use/mailings etc to ensure its currency. 

The only personal financial data we hold about some of our members is your bank account and sort code. This is only shared with our direct debit providers in order to process your membership fees. This data is only accessed by key authorised staff. 

For data provided by our customers who are not members (mainly our Events customers and Journal subscribers) the key elements of personal data that we collect and use include name, job title, organisation affiliation and this is used for delegate lists, name badges and pre- and post-event information such as circulation of slides and the collection of feedback. We may also collect information about your dietary and access requirements and possibly photos for speaker biographies and publicity purposes. Any photos taken at the event may also be used in our publications and website. For customers paying by credit card we do not store the security code which is collected separately from the full card details. 

From time to time we collect data via proprietary software such as SurveyMonkey. Whether these surveys are answered anonymously or not it is our policy to switch off the option to collect your IP address. We may collect additional data, e.g. mobile phone numbers, which are only used for the stated purpose of the survey and not stored separately. 

The lawful basis on which we store and use data

As a membership body we collect data primarily to fulfil the benefits of your membership. This includes activities such as sending your membership journal and subscription renewal documents by post and sending information about your membership such as newsletters, events listings and branch/network communications by email. In addition, telephone numbers, work details, job titles, interests etc will help us to determine the membership benefits and services of most value to you. 

We also use some elements of data, such as date of birth, gender, job title and geographical location, to determine other services that might be of value to you. 

We process all this data under the heading of ‘Legitimate interest’ which is one of the six ways in which data is permitted to be collected and used under GDPR. For the Nuclear Institute this means that by choosing to be a member or attend a Nuclear Institute event, the NI has your agreement to send you information about that membership and/or that event. You are welcome to opt out of receiving this information at any time but should understand that this may limit our ability to fulfil your membership or event booking. 

As a member/non-member you may login to your MyNI account at any time to update your mailing preferences. It is your responsibility to ensure that the details we hold about you are current and accurate. As well as a postal address (members only) and an email address, we require at least one phone number on which you can be contacted. 

How do we store and share your data?

The majority of data we hold about you is on our CRM system known as Eudonet. 

The possible other methods of storage include: 

  • Paper filing systems – for professional membership applications and membership renewal letters returned with subscription payments (up to 8 years). Some events are filed in paper format. 
  • Xero Accounts – contains basic contact details and bank details 
  • Network folders – files of data exported from the CRM system are retained in our secure network folders on our main server. Our servers are supplied by our website company (Senior) and IT company (Shiva) 
  • Proprietary software – Microsoft 365, SurveyMonkey, MailChimp, Dropbox – data from these sources may be exported to Excel files and stored in network folders. If you have any questions about these services you should see their individual Privacy Policies (listed at the end).  

The third parties that we may share your data with include: 

  • Smart Debit – direct debit processing company 
  • CPL One – publisher/mailing house for membership journal  
  • External events organising companies such as Marick Communications – please note that events organised externally will be advertised as such on our website 
  • Our licensing bodies including the Engineering Council and Science Council and Society for the Environment, who act as joint Data Controllers with the NI and as Data Processors for the NI.  
  • Your company if it is a Company Member of the Nuclear Institute. This is only the case where the company is paying for your membership subscription. 

 

Please note that we will never sell or pass on your data to commercial companies for marketing purposes. Any third-party services that the NI feels would be of interest or value to our members will generally be promoted through the membership newsletter or website. You are then responsible for any link/contact you make with such organisations including the provision of your data. 

 

How do we transfer your data?

In the limited circumstances outlined above for transferring your data to our partners, this is always done by password protected Excel spreadsheet or secure file transfer. The password is always communicated separately, either by email or, where possible, by phone. For large amounts of data Dropbox may be the preferred method, again password protected for personal data. 

 

What are your rights in relation to data stored by the NI about you?

he NI is anxious that members provide sufficient data in order to get the most out of their membership or event attendance. We also want to be able to continue to send you content we believe to be of value to you. 

However we also regularly review our policies in order to work towards minimising the amount of data that we need to collect. 

You may at any time opt in and out of various mailing lists, or from all communications, by logging in to your account and amending your preferences. 

If you do not opt out of communications but if you effectively ‘lapse’ your membership through non-payment of the membership subscription, we will in any case lapse your membership after one year of non-payment. However, we may retain your contact details for a further two years in order that we can advise you of any membership offers that may be of help in retaining your membership. Again, you may opt out of these communications at any time by amending your mailing preferences. 

Other rights you have are: 

  • to request information about the data we hold on you (Subject Access Request) 
  • to have your details removed from our records (right to be forgotten). 

 

How to initiate a SAR

  1. Your request must be addressed to the CEO and copied to our Membership inbox. You must include proof of your identity, usually a passport, which may be kept as proof of your request.
  2. Your request should state your full name and address. More information may be requested to ensure the correct record is accessed.
  3. You will be contacted by phone within 10 working days to confirm your identity.
  4. A full list of the data we hold about you will be provided within 20 working days of your request being received.

 

How to have your details removed

  1. Your request must be addressed to the CEO and copied to our Membership inbox. You must include proof of your identity, usually a passport, which may be kept as proof of your request.
  2. Your request should state your full name and address. More information may be requested to ensure the correct record is accessed.
  3. You will be contacted by phone within 10 working days to confirm your identity.
  4. You must return your membership certificate (for member records only).
  5. Any physical data held about you will be shredded. Your electronic records in Excel format will be removed from all Excel files. Your CRM record will be anonymised. This means that any financial records will remain on our system for statutory purposes (up to 8 years) but the remainder of your record will have removed your name and all other identifying details.

 

Important – please note that where this request has been made it will no longer be possible to provide you with any details about your membership or event attendance or even to confirm that you were a member in the past. No claim about membership can be made by you or anyone else about your prior membership. A list will be kept of everyone from whom such a request is received. 

For more information on your rights see the ICO website.

Suppliers/contractors

Engineering Council 

Science Council 

Society for the Environment 

Smart Debit 

CPL One 

Shiva Technology 

Senior (cookie policy) 

Marick Communications  

Eudonet UK 

Xero 

 

Proprietary software suppliers’ privacy policies

SurveyMonkey 

MailChimp 

Dropbox 

Oxford Abstracts  

Zoom  

Microsoft  

Google  

Cvent 

Videotile

Appendix 1 - Events Data Sharing Clause 

1. Purpose of Data Sharing 

To facilitate the successful organisation and management of all Nuclear Institute events, we may need to share your personal data with selected third parties, including event partners and service providers assisting in the event’s coordination. This data sharing is essential for purposes such as booking arrangements, event management, and providing necessary services to ensure a smooth event experience.

2. Data Shared 

The types of personal data that may be shared include, but are not limited to: 

  • Full name 
  • Contact details (e.g., phone number, email address) 
  • Dietary preferences and special requirements (if applicable) 
  • Accommodation details (if applicable) 

 

3. Data Protection and Security 

We are committed to protecting your personal data. All third parties with whom we share your data are contractually obligated to: 

  • Use your data solely for the purposes of the events you are attending. 
  • Implement appropriate security measures to protect your data. 
  • Comply with GDPR requirements and other relevant data protection laws. 

 4. Data Retention 

Personal data shared with third parties will be retained only as long as necessary and will be securely deleted or returned to us once an event is concluded and all related services are fulfilled. We may retain personal data to assist you in booking future events so that you do not need to complete all your personal data every time. We will not hold any personal data if you have not booked an event with us within the last 12 months.

5. Your Rights 

You have the right to access, correct, or request the deletion of your personal data. To exercise these rights or if you have any concerns regarding how your data is handled, please contact us at events@nuclearinst.com 

6. Changes to this Clause 

We may update this data sharing clause from time to time. Any significant changes will be communicated to you, and we encourage you to review this clause periodically.

7. Contact Information 

For any questions or concerns regarding the handling of your personal data, please contact the CEO at ceo@nuclearinst.com