Our approach to data in brief
The Society of Authors (SoA) keeps data on the organisations and individuals we interact with. This includes personal data on our members, mailing list subscribers, prize entrants, grant applicants, executors of literary estates, donors, event attendees, suppliers and other individuals who work within the sectors, governmental departments and campaign areas we are involved in.
We only store private data given to us by the individual, or shared with us with their consent, such as information entered on a grant or membership application form.
We do not acquire personal data from other parties. We do not sell personal data. We will never share your personal data without your consent.
We use specialist services to store and secure your data because this is far more secure than storing your data on our own systems. These services are legally bound to respect the privacy of that data, along with our obligations to it, and they have the technical expertise to secure it. We keep our use of these specialist services under constant review.
Our current membership database is provided by APT Solutions; in 2019 this facility will be moved to Microsoft Dynamics. Our digital member files are stored securely in a SharePoint facility hosted by Microsoft. Our website is built on the Kentico platform and hosted and supported by SmartImpact. Our mailing lists are hosted by MailChimp. We take event bookings via EventBrite.
The processing of your information is limited to communications that publicise our activities, which include membership activities and elections, campaigns, events, prizes and grants. This will involve ‘segmenting’ the information we hold in order to, for example, contact members in a geographic area, or with a specific professional interest. However, we do not profile, screen or cross reference the data we hold against other databases. We do not track individual users’ behaviour on our website or elsewhere. We do not use AI or algorithms to make decisions that affect you.
We do track user behaviour on our website, using Google Analytics. All the data we get is anonymised.
If you ask us to advise you on a contract or other professional issue, we will retain a copy of your query and associated documentation, along with a record of the advice we gave you.
You have a right to ask to see what information we hold for you. You have the right to ask for that data to be edited or deleted. You have the right to ask us to delete the data we hold on you. In some cases, we are legally required to retain some data permanently or for a period – for example, financial records in relation to payments you make to us or payments we make to you.
You can unsubscribe from our mailing lists at any time.
The data we hold and what we do with it
The information we ask you to provide will depend on your relationship with us and the work we need to carry out with you or on your behalf.
In the course of processing your membership application, we will ask you for a range of personal information, including (but not limited to) your name, your professional name, address and other contact details, information about your professional output, as well as financial information in order to process your membership subscription.
Throughout your membership with us, we may need to ask you for additional information at various times. This could include information to help us advise you on professional matters (including contracts and correspondence), information to help us book you onto an event, and information to help us show your support for our campaigning activities.
It might also include asking you for your consent to carry out activities, such as passing your details to the Authors’ Licensing and Collecting Society (ALCS) to take advantage of their offer of free membership to SoA members.
To subscribe to our newsletters for non-members, we will only ask you for your email address. We may ask for additional information if we invite you to show support for one of our campaigns – for instance, signing a petition – but if we do that, we will tell you at the point of sign-up how we will use your information.
If we provide advice to you as a non-member, we will retain a record of your original query and of the advice that we gave you.
Prize entries and grant applications
We administer many prizes and grants throughout the year – our own and on behalf of other organisations.
At the point of submitting your prize entry or grant application we will explain the judging or assessment process, and where appropriate ask for your consent to share the details of your entry with judges and, in the case of the third-party prizes we administer (for example, The Women’s Prize for Fiction), with external organisations.
If your publisher enters your work for a prize on your behalf, we will process that entry on the basis that they have your permission to do so.
We may invite you to take part in PR activities around our prizes and grants, however there is no obligation on you to do so.
Sharing your data with others
The SoA will only share your personal data in the following circumstances:
In support of the SoA constitution
The SoA operates a democratic constitution, which includes the nomination, selection and election of members to our Management Committee. All Full Members are entitled to vote in this process, which is managed securely by the Electoral Commission. If you are a Full Member, your name and contact details will be passed to the Electoral Commission solely for the administration of the vote.
Votes are cast anonymously, and the Electoral Commission will not share identifiable voting records with us.
As a member of the SoA you are entitled to free membership of the Authors’ Licensing and Collecting Society (ALCS). After you become a SoA member, we will ask you for consent to share your details with ALCS for them to process your membership. If you do not grant consent, we will not share your details.
Service providers and suppliers
The SoA employs external IT consultants to provide support and development services in relation to our systems and databases. These consultants may from time to time need to access information which may contain personal data for the purposes of systems testing and development.
The SoA also uses third party providers to facilitate certain communications on its behalf, such as mail-outs providing notices of company meetings and elections, which requires them to access contact data. All such third parties are vetted by us to ensure they provide adequate levels of security when processing data.
In some circumstance, the SoA may need to share your personal data where necessary with other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
We require third parties to maintain appropriate security to protect information from unauthorised access or processing.
How we keep your information safe
We keep our approaches to data management and storage under continual review. While our current approach is secure, we are working on various projects to strengthen that security.
We work with our staff team to ensure that they are fully aware of their obligations to you and your data. Our people are on the frontline in keeping your information safe, so we commit to taking the organisational measures necessary to protect it.
Our approach to our technical setup, and its ongoing development, is based on protecting the personal data we transmit, store and otherwise process against accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access.
If you interact with us online – whether via our website, on social media, to make an online payment to us, in surveys or event booking system, or elsewhere – those interactions will always be conducted in environments protected by SSL encryption technology.
If you engage in an email exchange with us, while we cannot guarantee the security of communications back and forth as they are transmitted between us, once we receive your message will be stored securely on our email and member filing systems.
If you make a payment to us online, we will never retain a copy of your credit or debit card details. Our payment processors (currently Square and Stripe) will retain secure details of the information they need in order to process the information.
If you apply for membership, a grant, or a prize via a paper application, it will be scanned into electronic format and stored in a password protected facility which is firewall protected. The paper copy will be shredded.
Data files shared by the SoA with third parties (including ALCS and the Electoral Commission) are password protected.
If you have reason to believe that your interaction with us is not secure, please notify us of the problem immediately by contacting us using the details below.
Prior to introducing new systems or technologies relevant to the processing of personal data, the SoA will undertake the necessary impact assessments with a focus on any associated risks.
The SoA retains your personal data only for as long as is necessary to provide our services, or for as long as we reasonably need to retain the information for our lawful business purposes or comply with statutory or other legal requirements.
In the event of a data breach of the SoA’s systems which impacts on the security or your personal data, we will inform you as soon as possible of the nature of the breach, the possible consequences, and what we are doing to remedy the situation in accordance with our procedures, obligations, and applicable law.
About this policy and how to complain
From time to time we may change our data processing activities. We will notify you of any changes to this policy as required by law. We will also post an updated version on our website.
Please direct any comments or queries about this policy to: Head of Communications, Society of Authors, 24 Bedford Row, London WC1R 4EH, or email firstname.lastname@example.org.
If you are unhappy with the way we process your personal data, you have the right to lodge a complaint with the UK data protection authority – the Information Commissioner’s Office (ICO). Their website is www.ico.org.uk.