GDPR Policy – how your personal data is used and stored

Personal information that this website collects and why we collect it.  This website collects and uses personal information for the following reasons:

Contact forms and email links

Should you choose to contact us using the contact form on our contact us page or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any third-party data processor.

Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.

We retain emails on our local computers containing the information you provide us with on our contact forms or email links indefinitely unless the removal of the data is requested. Emails may also be kept on our mail servers online and accessed using webmail. Google mail using Google Apps is an example of this.

We do this in order to reply to your enquiry. We may also send you emails using this information for the purposes of marketing or keeping you informed of matters relating to you.

If you do not want us to keep any of your details on file locally or on our mail servers you can contact us and request this data to be removed. We will need to know which email address to remove data from. We will remove your data within 48 hours.

We do not exchange, sell, rent or give away your email address or any other details we hold about you to other companies.

Paying for membership, events or meetings on this website

When you make a purchase and create an account on this website we ask you for personal details such as your name, address, telephone number and email address.

We do this so we can ship your order to you and also keep you informed of any issues relating to your order. We may also send you emails using this information for the purposes of marketing or keeping you informed of matters relating to you.

This data is kept and stored online on this website indefinitely unless its removal is requested.

If you wish to remove your details from this website please contact us with your name and email address used to create your account and we will remove all your personal data within 48 hours.

Your card information is never stored on our website. We use PayPal to process payments and when you enter your card information it is entered on their website and is processed by them and not us.

Third-party data processors

We use the following third parties to process personal data on our behalf. Any third parties we use have been carefully chosen. These third parties are based in the USA and are EU-U.S Privacy Shield compliant.
Google (Pcy policy)

Paypal GDPR and privacy documents

Data breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Data controller

The data controller of this website is Badr Abdalla and should be contacted via our contact page here should you wish any / all of your data to be removed.

SSL encryption

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS

Data storage

Contact us to ask us anything else about our data protection systems.

Data protection privacy notice

WAGE is hosted by Cardiff University. Cardiff University will process the personal data you provide to us in accordance with data protection regulations. In submitting your details you consent to the University processing your personal data in order to send you information, in accordance with the preferences you have indicated above. You may withdraw this consent at any time by contacting the Professional Development team.

Please be aware that where delegates are attending BSG-endorsed events it may be necessary to transfer data to the BSG to support event attendance and certification. Where this is necessary only the information that is deemed absolutely necessary will be transferred.

Visit our public information pages to learn more about our Data Protection Policy, your rights, and raising a concern about how your personal data is processed. Our Data Protection Officer can be contacted directly at . Concerns can also be raised with the Information Commissioner’s Office (ICO).